Apple Rushes Out Patches for 0-Days in MacOS, iOS
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.
The security bug could crop up, so to speak, in any number of Java applications.
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers’ DevOps platforms – to its hit list.
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.
“We made a mistake,” Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.
The security vendor’s appliance suffers from an authentication-bypass issue.
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
Essentials in modern-day cybersecurity include artificial intelligence and machine learning that can autonomously understand, learn and act to thwart cyberattacks.
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
London Police can’t say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.
Mustang Panda’s already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.
Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.
Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.
A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.
The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.
Lapsus$ shared screenshots of internal Okta systems and 40Gb of purportedly stolen Microsoft data on Bing, Bing Maps and Cortana.
“Evolving intelligence” shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said — but researchers warn that many orgs are not prepared.
After years of promising a passwordless future – really, any day now! – FIDO is proposing tweaks to WebAuthn that could put us out of password misery. Experts aren’t so sure.
An unusual attack using an open-source package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.
Can we trust web browsers to protect us, even if they say “https?” Not with the novel BitB attack, which fakes popup SSO windows to phish away credentials for Google, Facebook and Microsoft, et al.
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it’s actually spyware capable of stealing any and all information from victims’ social-media accounts.
The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but it’s reportedly clunkier code.
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.
The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.
Researchers have exposed the work of Exotic Lily, a full-time cybercriminal initial-access group that uses phishing to infiltrate organizations’ networks for further malicious activity.
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.
Five percent of the databases are vulnerable to threat actors: It’s a gold mine of exploit opportunity in thousands of mobile apps, researchers say.
It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.
Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.
The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.”
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.
There are currently no mitigations for the severe Linux kernel bug, QNAP warned on Monday.
Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.
The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.
They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.
The country’s citizens are being blocked from the internet because foreign certificate authorities can’t accept payments due to Ukraine-related sanctions, so it created its own CA.
The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware.
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead.
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.
Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.
Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations tested by AppOmni being vulnerable to malicious data extraction.
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China’s Mustang Panda targeting Europe.
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.
The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked.
NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser.
Notes threatening to tank targeted companies’ stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL.
Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.
A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians.
It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.
Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.
The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel.
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations.
Via node-hopping, the espionage tool can reach computers that aren’t even connected to the internet.
Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week.
Malicious emails warning Microsoft users of “unusual sign-on activity” from Russia are looking to capitalize on the Ukrainian crisis.
A pro-Ukraine Conti member spilled 13 months of the ransomware group’s chats, while cyber actors are rushing to align with both sides.
The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged.
The infamous trojan is likely making some major operational changes, researchers believe.
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks’ favorites, ProxyShell and ProxyLogon – as initial infection vectors.
Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.
The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia’s military operations in Ukraine.
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.
A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking.
The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.
Demand for public Wi-Fi is on the rise. It is usually free of charge, but it carries a risk of expensive losses. Learn ways to protect yourself from cyber-threats.
A targeted phishing attack takes aim at a major U.S. payments company.
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.
One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ‘embarrassingly bad.’
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."
Nothing like zombie campaigns: WannaCry’s old as dirt, and GandCrab threw in the towel years ago. They’re on auto-pilot at this point, researchers say.
The overall number of attacks on mobile users is down, but they’re getting slicker, both in terms of malware functionality and vectors, researchers say.
The Conti gang breached the cookware giant’s network, prepping thousands of employees’ personal data for consumption by cybercrooks.
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.
Attackers took advantage of a smart-contract migration to swindle 17 users.
Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend.
An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders.
Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack.
Newborn as it is, the Kraken botnet has already spread like wildfire, thanks to the malware’s author tinkering away over the past few months, adding more infostealers and backdoors.
On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.
Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware.
When it comes to ensuring safe cloud app rollouts, there’s flat-out animosity between business shareholders. HackerOne’s Alex Rice and GitLab’s Johnathan Hunt share tips on quashing all the squabbling.
The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.
The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks.
On the plus side, only instances with non-standard, not-recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and the bug is easy as pie to exploit.
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.
An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.
SquirrelWaffle attackers now use typosquatting to keep sending spam, even after Exchange servers are patched for ProxyLogon/ProxyShell.
The year’s 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.
Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team’s files.
35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees.
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.
A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content.
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.
The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said.
The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot.
Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.
Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his covert work tracking cyberattackers.
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don’t delay to apply the patches, security experts said.
Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC.
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit.
Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure.
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
The ‘smishing’ group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next.
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.
The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.
UPDATE: Puma was one of the companies from which employees’ personal data was stolen. Customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more.
A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics.
The company’s RV line of small-business routers contains 15 different security vulnerabilities, some unpatched, that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it’s-not-saying. Wormhole is trying to negotiate with the attacker.
Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines.
The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening supermarket shelves that could stay empty for weeks.
Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them.
Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.
The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.
The warning follows a Citizen Lab report that found the official, mandatory app has an encryption flaw that “can be trivially sidestepped.” Besides burners, here are more tips on staying cyber-safe at the Games.
Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researchers warn.
ATO attacks are evolving. Jason Kent, hacker-in-residence at Cequence Security, discusses what new-style cyberattacks look like in the wild.
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.
LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection.
The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.
The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also “hack every website you’ve ever visited.”
Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.
The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.
The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.
QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled.
MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks has not changed – attacking older macOS versions and poorly protected websites.
The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.
The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it.
Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.
SaaS Security Posture Management (SSPM) was named a must-have solution by Gartner. Adaptive Shield’s SSPM solution gives security teams full visibility and control.
The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.
iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.
The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious apps in Google Play.
Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.
Threat actors use bogus ‘shipping delays’ to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.
The 12-year-old flaw in the sudo-like Polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.
Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.
A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.
Visitors who shopped on the company’s eCommerce website in January will likely find their payment-card data heisted, researchers warned.
A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.
Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant’s 2017 cyberattack.
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds.
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software.
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it’s open to confidentially communicating with the attacker.
R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.
Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts.
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects — but harvests credentials instead.
Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, says a roundtable of security experts.
It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.
VMware’s container-based application development environment has become attractive to cyberattackers.
It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art.
Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.
UniCC controlled 30 percent of the stolen payment-card data market, leaving analysts eyeing what’s next.
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers.
As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site.
The country’s FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil’s infrastructure.
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.
Meanwhile, EthereumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.
US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.
GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.
Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.
Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.
A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.
Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.
Sponsored: Password security is highlighted in attorney general warning to New York state businesses.
Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.
It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.
Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense.
The malware establishes initial access on targeted machines, then waits for additional code to execute.
Researchers offer more detail on the bug, which can allow attackers to completely take over targets.
The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, D-Link, Western Digital, et al.
Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cybersecurity CTO Matt Keller says.
Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
A critical flaw in the H2 open-source Java SQL database is similar to the Log4j vulnerability, but does not pose a widespread threat.
Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.
The FBI is seeing so much malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.
A wave of phishing attacks identified in December, targeting mainly Outlook users, is difficult for both email scanners and victims to flag, researchers said.
The accounts fell victim to credential-stuffing attacks, according to the New York State AG.
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October.
A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system – skating past email security – went unaddressed despite flagging by multiple researchers.
Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
The campaign was an opportunistic supply-chain attack abusing a weaponized Brightcove cloud video player.
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels, remained offline Tuesday after the New Year’s weekend attack.
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them.
Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.
Here’s what cybersecurity watchers want infosec pros to know heading into 2022.
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.
The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.
A look back at what was hot with readers in this second year of the pandemic.
The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities.
Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.
The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.
A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects.
Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.
T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls.
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.
Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones.
Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware.
Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges.
The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities.
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions.
Analysts warn that the attack group, now known as ‘Earth Centaur,’ is honing its attacks to go after transportation and government agencies.
It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.
The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.
“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
Sounil Yu, CISO at JupiterOne, discusses the growing mesh of integrations between SaaS applications, which enables automated business workflows – and rampant lateral movement by attackers, well outside IT’s purview.
It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.
December’s Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.
The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.
An exclusive roundtable of security researchers discusses the specific implications of CVE-2021-44228 for smaller businesses, including what’s vulnerable, what an attack looks like and how to remediate.
Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.
The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.
Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
What some call the worst cybersecurity catastrophe of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.
Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.
The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.
U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven.
E-commerce’s proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale.
The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.
Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.
DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike’s arsenal.
Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances.
The flaws, which could enable attackers to disable security and gain kernel-level privileges, affect Amazon WorkSpaces and other cloud services that use USB over Ethernet.
The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
There’s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed. UPDATE: This issue is now fixed.
Underground arbitration system settles disputes between cybercriminals.
The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it’s closer to $200 million.
Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears.
U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.
The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned.
It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy.
The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform.
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes.
Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!
Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.
Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found.
Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information.
AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem.
The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.
Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.
Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an “exceptional” attack.
Cyberattackers had unfettered access to the technology giant’s file server for four months.
Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.
UPDATE: As of Tuesday, IKEA declined to say whether the cyberattack was still ongoing. IKEA warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.
Attackers are honing Google Play dropper campaigns, overcoming app store restrictions.
The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself.
Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.
A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.
Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.
Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company’s woes.
Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.
Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.
Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.
The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said.
The MICROP ransomware spreads via Google Drive and locally stored passwords.
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.
The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks.
Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.
Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated.
WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester.
Lures dressed up to look like movie and TV streaming offers are swiping payment data.
Meanwhile, a Microsoft analysis that followed six Iranian threat actor groups for over a year found them increasingly sophisticated, adapting and thriving.
Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out.
Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out of the FBI’s email system, says it’s just one of a string of jabs from a childish but cybercriminally talented tormentor.
Hank Schless, senior manager of security solutions at Lookout, discusses AbstractEmu, mobile malware found on Google Play, Amazon Appstore and the Samsung Galaxy Store.
The leak included model information, chat messages and payment details.
A politically motivated group is paralyzing Israeli entities with no financial goal – and no intention of handing over decryption keys.
Researchers observed what looks like the Emotet botnet – the “world’s most dangerous malware” – reborn and distributed by the trojan it used to deliver.
An analysis of ransomware attack negotiation-data offers best practices.
CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files.
Malicious groups disable features in Alibaba Cloud ECS instances for Monero cryptojacking, according to Trend Micro researchers.
The alert was mumbo jumbo, but it was indeed sent from the bureau’s email system, from the agency’s own internet address.
Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.
Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.
Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.
Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft.
Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.
BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.
Ransomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, discusses secure email, network segmentation and sandboxing for defense.
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.
Asset inventories and risk assessments are critical tools in defending against the increasing scourge of ransomware.
A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector.
A bill introduced this week would regulate ransomware response by the country’s critical financial sector.
To truly achieve operationalized threat intelligence, an investment must be made in an underlying threat intelligence management platform that will enable an organization to harness the power of threat intelligence and translate that threat intelligence into action.
The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.
UPDATE: Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects what Palo Alto clarified is an estimated 10,000 VPN/firewalls.
PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.
Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.
A U.K. fishing retailer’s site has been hijacked and redirected to Pornhub.
The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.
The average number of vulnerabilities discovered in a Cyberpion scan of external Fortune 500 networks (such as cloud systems) was 296, many critical (with the top of the scale weighing in at a staggering 7,500).
Yaron Kassner, CTO of Silverfort, delves into the pros and cons of transparency when it comes to cybersecurity tools’ algorithms.
The cyberattacker attempted to extort the company after socially engineering a customer service employee to gain access to email addresses and more.
Researchers discovered 14 vulnerabilities in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks.
The U.S. is seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, whom they suspect is behind the Kaseya supply-chain attacks and other REvil attacks.
Q3 DDoS attacks topped thousands daily, with more growth expected.
Researchers have uncovered a large, tangled web of infrastructure being used to enable a wide variety of cyberattacks.
Researchers have spotted a second, worldwide campaign exploiting the ManageEngine ADSelfService Plus zero-day: one that’s breached defense, energy and healthcare organizations.
An FBI notification is warning of an uptick in attacks against tribal casinos.
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.
The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.
NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime.
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.
A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info.
The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new “Tortilla” threat actor.
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.
Anti-dumping code kept investors from selling SQUID while fraudsters cashed out.
The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.
Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.
‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.
Stolen access token leveraged in phishing campaign that spoofs brand name email addresses.
An alleged sports content pirate is accused of not only hijacking leagues’ streams but also threatening to tell reporters how he accessed their systems.
The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.
Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.
Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It’s time for everyone to strengthen the kill chain.
German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang.
UPDATE: French & Polish authorities found no sign of cryptographic compromise in the leak of the private key used to sign the vaccine passports and to create fake passes for Mickey Mouse and Adolf Hitler, et al.
Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site.
The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.
The kid was busted after abusing Google Ads to lure users to his fake gift card site.
Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.
A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
Kaspersky researchers saw the North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
Manipulated Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain “inappropriate content.”
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
The bold move signals a looming clash between Russian ransomware groups and the U.S.
An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.
The Nobelium group, linked to Russia’s spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers – and it’s working.
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.
The infamous Carbanak operator is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure “pen-testing” company.
A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.
The high-severity bug, tracked as CVE-2021-1529, is an OS command-injection flaw.
The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs—across its network of 150 million users, putting corporate workplaces at risk.
Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said.
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.
If AvosLocker stole Gigabyte’s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production.
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels.
Experts warn that virtual private networks are increasingly vulnerable to leaks and attack.
Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.
October is Cybersecurity Awareness Month. Make empowering workers to detect and thwart inbox attacks a priority with Trend Micro Phish Insight.
The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in some cloud services.
The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics.
The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again.
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.
An advisory by the CISA, FBI and NSA reveals hallmark tactics of and shares defense tips against the cybercriminal group that’s picked up where its predecessor DarkSide left off.
TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.
Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing ‘security champions’ to help small businesses.
Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.
A major cyberattack resulted in data being stolen, too, but Sinclair’s not sure which information is now in the hands of the crooks.
The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.
The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.
Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.
IPTV and IP video security is increasingly under scrutiny, even by high school kids.
Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.
The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple’s app review process, remains active.
Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.
A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.
Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains.
Cybercriminals exploited bugs in the world’s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.
The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.
Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.
The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.
An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation.
Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it.
The destroyer-class USS Kidd streamed hours of game play in a funny incident that has serious cybersecurity ramifications.
A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails, employees’ emails, and more.
Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust.
The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.
The little snippet of Python code strikes fast and nasty, taking less than three hours to complete a ransomware attack from initial breach to encryption.
The rare UEFI bootkit drops a fully featured backdoor on PCs and gains the ultimate persistence by modifying the Windows Boot Manager.
An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch’s source code, comments going back to its inception and more.
Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.
The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.
Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack.
One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records.
The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users – then threatened to dox the recipients.
They were all flat on their faces for hours on Monday, throwing off DNS error messages or other server-related errors.
An analysis of second-quarter malware trends shows that threats are becoming stealthier.
A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.
Experts say the detection delay of 17 months is a colossal security blunder by the retailer.
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.
This is the second pair of zero days that Google’s fixed this month, all four of which have been actively exploited in the wild.
RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say.
Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity.
Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby’s death.
The group uses millions of password combos at the rate of nearly 2,700 login attempts per second with new techniques that push the ATO envelope.
Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed.
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally.
Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users.
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks.
Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS.
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.
Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers.
The BloodyStealer trojan helps cyberattackers go after in-game goods and credits.
A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities.
UPDATE: Indicators of compromise are now available. The unredacted RCE exploit released on Monday allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service.
Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.
The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more.
Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.
It’s not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.
Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn.
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
After news of REvil’s rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in “Hackers Court.”
Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.
A custom “SparrowDoor” backdoor has allowed the attackers to collect data from targets around the globe.
Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.
Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.
Domain names are often brands’ most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.
Discovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business.
It’s the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.
The issue lies in a parental-control function that’s always enabled by default, even if users don’t configure for child security.
All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.
UPDATE: Malicious actors are already scanning honeypots, looking for servers vulnerable to the critical arbitrary file upload flaw in vCenter servers’ Analytics service.
The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.
The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.
“Time to find out who in your family secretly ran … [a] QAnon hellhole,” said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.
Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.
“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.
Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old.
Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.
Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits.
Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.
Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.
With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier’s U.S. network — all the way from Pakistan.
Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil’s servers went belly-up on July 13.
Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee.
A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.
Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.
Two of IBM’s aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.
Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site.
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.
Saryu Nayyar, CEO at Gurucul, peeks into Mitre’s list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.
The well-known banking trojan retools for stealth with a whole new attack routine, including using ads for Microsoft TeamViewer and Zoom to lure victims in.
The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year.
Imperva’s Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws.
A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans.
The incident that occurred Sept. 8 and affected its EMEA IT systems seems to signal a return to business as usual for ransomware groups.
Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.
How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That’s how we sh*t ourselves.”
WhatsApp’s moderators sent messages flagged by intended recipients. Researchers say this isn’t concerning — yet.
Aamir Lakhani, researcher at FortiGuard Labs, explains why organizations must extend cyber-awareness training across the entire enterprise, from Luddites to the C-suite.
The security vulnerability can be exploited with a malicious CSV file.
The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say.
Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future.
Record-breaking distributed denial-of-service attack targets Russia’s version of Google – Yandex.
The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it ‘the most feature-rich Android malware on the market.’
With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home.
Here are five recommendations for securing your home office.
Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks.
They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.
Usernames, passwords for database sent in prize redemption emails.
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.
A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering.
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers.
An authentication bypass vulnerability in the ManageEngine ADSelfService Plus platform leading to remote code execution offers up the keys to the corporate kingdom.
Pro-Kurd Facebook profiles deliver ‘888 RAT’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage.
There are a lot of "tells" that the ransomware group doesn’t understand how negotiators work, despite threatening to dox data if victims call for help.
Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware.
Australian immunization app bug lets attackers fake vaccine status.
The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign.
Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.
Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help.
The Demon’s Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.
The privacy-touting, end-to-end encrypted email provider erased its site’s “we don’t log your IP” boast after France sicced Swiss cops on it.
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.
Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to “What are we doing right?” instead of the constant reminders of what’s not working in fending off threats.
Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.
The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider.
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
The FTC’s first spyware ban nixes a company whose “slipshod” security practices led to exposure of thousands of victims’ illegally collected personal data.
The BrakTooth set of security vulnerabilities impacts at least 11 vendors’ chipsets.
A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.
There’s proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn’t seen any malicious exploit yet.
David Stewart, CEO, Approov, discusses the top mobile attack routes the bad guys use and the best defenses organizations can deploy against them.
Users should be careful whose pics they view and should, of course, update their apps.
Eight states are introducing driver’s licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.
IoT vulnerabilities turned the remote into a listening device, researchers found, which impacted 18 million Xfinity customers.
Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.
The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack.
Cybercrooks are posting help-wanted ads on dark web forums, promising to do the technical work of compromising email accounts but looking for native English speakers to carry out the social-engineering part of these lucrative scams.
Threat actors recently have used long holiday weekends — when many staff are taking time off — as a prime opportunity to ambush organizations.
A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring.
Cream is latest DeFi platform to get fleeced in rash of attacks.
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them.
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.
HPE joins Apple in warning customers of a high-severity Sudo vulnerability.
Army looking for AI to layer over daycare CCTV to boost ‘family quality of life.’
In part one of a two-part series, Akamai’s director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks.
The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims’ personal information, sensitive company data and more.
The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day.
John Binns, claiming to be behind the massive T-Mobile theft of >50M customer records, dissed the security measures of the U.S.’s No. 2 biggest wireless carrier. T-Mobile is “humbled,” it said, announcing new partnerships with security heavyweights on Friday.
Firm offers guidance on how to mitigate a five-months-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions.
Amazon, Google, Microsoft and others making major commitments to shore up the nation’s cyber-defenses just won’t be enough, researchers say.
Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It’s not achieving visibility.
The latest refinement of the APT’s BadHatch backdoor can leverage new malware on the fly without redeployment, making it potent and nimble.
It’s unclear if Microsoft customers were breached during the months-long period where the #ChaosDB bug in Jupyter Notebooks was exploitable.
The cybercriminal group, active since late 2019, has closed its doors and released the key to unlocking victims’ files on its dark web portal.
Modern vulnerability management programs require a strategy that defines what success means for your organization’s cybersecurity goals. By incorporating a few simple cyber-hygiene routines into your daily security practice, you’ll set up your IT teams to be better equipped to ward off cyberattacks.
Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells.
Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin.
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode.
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2021.
versions of the software are affected by a spate of bugs under active exploitation.
Networking giant issues two critical patches and six high-severity patches.
Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.
The new APT uses an undocumented backdoor to infiltrate the education, retail and government sectors.
Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials.
The attacker returned the loot after being offered a gig as chief security advisor with Poly Network.
Cybersecurity watchdog Citizen Lab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple’s new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time.
Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK.
Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers’ infrastructure.
Data leaked includes COVID-19 vaccination records, Social Security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
So much for Windows 10’s security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating.
Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices.
Multiple vulnerabilities in software used by 65 vendors under active attack.
Systems are ripe for abuse by attackers, who can use them to launch DDoS attacks.
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network.
Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors.
Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.
The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads.
Attackers stole tens of millions of current, former or prospective customers’ personal data, the company confirmed. It’s providing 2 years of free ID protection.
The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars and medical devices.
Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.
The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch this week.
The botnet cryptominer has already compromised 1,000-plus clouds since June.
Nate Warfield, CTO of Prevailion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.
Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.
A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement.
Computing giant tries to reassure users that the tool won’t be used for mass surveillance.
Exchange downtime can have serious implications on businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.
Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not payouts to crooks.
Valve plugs an API bug found in its Steam platform that abused the Smart2Pay system to add unlimited funds to gamer digital wallets.
The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites.
UPDATE: T-Mobile confirmed the breach, but hasn’t confirmed whether customer data was involved. The offer: 30m records for ~1 penny each, with the rest being sold privately.
Amazon is considering rolling out keyboard-stroke monitoring for its customer-service reps.
CAPTCHA-protected malicious URLs are snowballing lately, researchers said.
That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it?
There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.
The Pakistan-linked threat group’s campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea.
Illicit underground marketplace relaunches years after takedown.
Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53’s DNS service and Google Cloud DNS.
A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren’t recognized by Apple’s built-in security controls.
Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks.
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology’s trust relationship with users.
The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July – and ransomware attacks.
081321 08:42 UPDATE: Accenture sent an internal memo confirming that attackers stole client information & work materials in a July 30 “incident.”
Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted.
Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix.
The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said.
Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours.
In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network.
John Deere security bugs could allow cyberattackers to damage crops, surrounding property or even people; impact harvests; or destroy farmland for years.
Microsoft’s August 2021 Patch Tuesday addressed a smaller set of bugs than usual, including more Print Spooler problems, a zero-day and seven critical vulnerabilities.
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors’ devices that are common in SOHO setups.
The dangerous malware has been rapidly developed since June and could be released into the wild soon.
Is fuzzing for the cybersec elite, or should it be accessible to all software developers? FuzzCon panelists say join the party as they share fuzzing wins & fails.
A dump of hundreds of thousands of active accounts is aimed at promoting AllWorld.Cards, a recently launched cybercriminal site for selling payment credentials online.
Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings.
Researchers demonstrated the power deep neural networks enlisted to create a bot army with the firepower to shape public opinion and spark QAnon 2.0.
A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks.
Coupon codes for Netlifx or Google AdWords? Voting for the best football team? Beware: Malicious apps offering such come-ons could inflict a new trojan.
The biggest challenge for security teams today is the quality of the threat intelligence platforms and feeds. How much of the intel is garbage and unusable? Threat intelligence process itself spans and feeds into many external and internal systems and applications. Without actionable data, it is impossible to understand the relevance and potential impact of a threat. Learn how Threat Intelligence management plays a role to help prioritize and act fast.
The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.
Prior to a patch, a serious bug could have allowed attackers to take over Kindles and steal personal data.
Security researchers warned that at least 8,800 vulnerable systems are open to compromise.
Zoom’s security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup.
The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.
Day two Black Hat keynote by CISA Director Jen Easterly includes launch of private-public partnership with Amazon, Google and Microsoft to fight cybercrime.
Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-.
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.
Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.
IBM X-Force detailed the custom-made “LittleLooter” data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
A researcher was able to remotely control the lights, bed and ventilation in “smart” hotel rooms via Nasnos vulnerabilities.
We’re selfish if we’re only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let’s be like doctors battling COVID and work for herd immunity.
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020.
Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.
The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.
Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.
Mass email distribution service compromise mirrors earlier Nobelium attacks.
Agency warns attackers targeting teleworkers to steal corporate data.
A July 9th attack disrupted service and taunted Iran’s leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints.
Employee email takeover exposed personal, medical data of students, employees and patients.
There are patches or remediations for all of them, but they’re still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do?
Authorities opened an investigation into the secretive Israeli security firm.
Uptycs Threat Research outlines how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate them.
They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling.
Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON.
Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.
No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich.
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
The unpatched flaws include RCE and authenticated privilege escalation on the client side: Just the latest woe for the ransomware-walloped MSP.
Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.
A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.
Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection.
Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations.
Targets of Discord malware expand far beyond gamers.
Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment.
The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it’s unclear if the ransom was paid.
Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn.
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease.
The software-engineering platform is urging users to patch the critical flaw ASAP.
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms.
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.
A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems.
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass.
Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.
Ransomware is the threat of 2021. It’s impacting everything from large enterprises and hospitals to other parts of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news.
Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.
Deep-pocketed clients’ customers & suppliers could be in the attacker’s net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM.
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches.
The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.
Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) IT infrastructures that your organization is exposed to, and may be vulnerable to attack, posing a critical risk for your organization.
The newly documented code is a full-service malware-delivery threat that’s spreading indiscriminately globally through paid search ads.
Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil’s servers went up in smoke.
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected.
Hackers are stealing the identities of those lost in the condo-collapse tragedy.
Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks.
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians — possible targets of iPhone and Android hacking.
HelloKitty joins the growing list of ransomware bigwigs going after the juicy target of VMware ESXi, where one hit gets scads of VMs.
An analysis of criminal forums reveals which publicly known vulnerabilities attackers are most interested in.
Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel.
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.
Another vulnerability separate from PrintNightmare allows for local elevation of privilege and system takeover.
The popular e-commerce platform for WordPress has started deploying emergency patches.
First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app.
SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack.
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.
Ukrainian cops seize PlayStation 4 consoles, graphics cards, processors and more in cryptomining sting involving alleged electricity theft.
The gang is using a new brute-forcer – “Diicot brute” – to crack passwords on Linux-based machines with weak passwords.
Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.
The attackers have spruced up the ‘vncDll’ module used for spying on targets and stealing data.
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system.
Microsoft tackles 12 critical bugs, part of its July 2021 Patch Tuesday roundup, capping a ‘PrintNightmare’ month of headaches for system admins.
Just days after President Biden demanded that Russian President Putin shut down ransomware groups, the servers of one of the biggest groups mysteriously went dark.
An attack on Guess compromised the personal and banking data of 1,300 victims.
The ‘ModiPwn’ bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs.
Adobe July patch roundup includes fixes for its ubiquitous and free PDF reader Acrobat 2020 and other software such as Illustrator and Bridge.
Professors, journalists and think-tank personnel, beware strangers bearing webinars: It’s the focus of a particularly sophisticated, and chatty, phishing campaign.
Matt Dunn, associate managing director in Kroll’s Cyber Risk practice, discusses options for securing RDP, which differ significantly in terms of effectiveness.
Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on.
Microsoft alerted the company to a security vulnerability in its Serv-U Managed File Transfer and Secure FTP products that a cyberattacker is using to target a “limited” amount of customers.
The malware has targeted Chinese gambling sites with fake app installers.
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.
The attacks are enabled by a (fixed) vulnerability in ForgeRock’s Access Management, a popular platform that front-ends web apps and remote-access setups.
The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.
Cybersecurity is one of the most important topics on the global agenda, boosted by the pandemic. As global digitalisation accelerates, the world is becoming ever more interconnected. Digital ecosystems are being created all around us: countries, corporations and individuals are taking advantage of the rapid spread of the Internet and smart devices. In this context, a single vulnerable link is enough to bring down the entire system, just like the domino effect.
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more.
Notorious North Korean APT impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware.
A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.
Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis.
Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data.
Threat actors enlist compromised WordPress websites in campaign targeting macOS users.
The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data.
Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe.
David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.
The fix doesn’t cover the entire problem or all affected systems, however, so the company is also offering workarounds and plans to release further remedies at a later date.
The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users’ profiles defaced. Next, hackers posted its user database online.
The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.
REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.
Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.
Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.
After focusing almost exclusively on delivering ransomware for the past year, the code changes could indicate that TrickBot is getting back into the bank-fraud game.
The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.
Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry.
CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.
Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks.
Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, explains the rise of RaaS and the critical role of threat intel in effectively defending against it.
LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline.
The gang’s source code is now available to rivals and security researchers alike – and a decryptor likely is not far behind.
Data leaks are a serious concern for companies of all sizes; if one occurs, it may put them out of business permanently. Here’s how you can protect your organization from data theft.
A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum.
Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials.
The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites.
The self-propagating malware’s attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.
Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.
Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.
The “PrintNightmare” bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code-execution attacks.
A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification.
The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack.
The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
Disclosure of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – was released.
The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications.
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).
A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.
American IT companies and government have been targeted by the Nobelium state-sponsored group.
The driver, called “Netfilter,” is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers’ geo-locations to cheat the system and play from anywhere, Microsoft said.
Saryu Nayyar, CEO at Gurucul, goes over what defenses CISOs need now, and how and why to prioritize the options.
For over three years, a vendor was recklessly driving the cloud-stored data of luxury-car-owning customers and wannabe buyers.
Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network.
One of the Carbanak cybergang’s highest-level hackers is destined to serve seven years while making $2.5 million in restitution payments.
In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.
“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There’s an exploit.
Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.
The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.
The infamous ransomware group hit two big-name companies within hours of each other.
Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit.
The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.
A May 6 ransomware attack caused disruption across several of the municipality’s online services and websites.
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.
Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.
DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.
Akamai’s 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.
Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.
The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight.
Company finally rolls out the complete fix this week for a flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.
BEC attacks are getting more dangerous, and smart users are the ones who can stop them.
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.
A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.
One in five of the most-popular apps for kids under 13 on Google Play don’t comply with COPPA regulations on how children’s information is collected and used.
“No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.
Illinois Supreme Court rules in favor of class action against company’s practice of scanning people’s fingers when they enter amusement parks.
Cleanup in aisle “Oops”: The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny.
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
Approximately 38,000 of RBA’s customers had their embryology data stolen by a ransomware gang.
An unsophisticated campaign shows that the pandemic still has long legs when it comes to being social-engineering bait.
… until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.
What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?
This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks.
Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.
Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.
A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.
Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.
The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.
An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft’s native email controls.
A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims’ credentials.
An hour-long outage hit airlines, banks and the Hong Kong Stock exchange. It’s thought to have been caused by a DDoS mitigation service.
A French court fined the furniture giant for illegal surveillance on 400 customers and staff.
Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack.
Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.
The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: “Football.”
Ransomware attacks are increasing in frequency, and the repercussions are growing more severe than ever. Here are 5 ways to prevent your company from becoming the next headline.
Ransomware group releases decryptors for nearly 3,000 victims, forfeiting millions in payouts.
Ransomware gangs are increasingly buying their way into corporate networks, purchasing access from ‘vendors’ that have previously installed backdoors on targets.
An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.
A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.
Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.
Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk, particularly with pandemic-expanded network perimeters.
Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.
Decision throws out a previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform from forbidding the company to harvest public info from user profiles.
Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.
Utilities’ vulnerability to application exploits goes from bad to worse in just weeks.
Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams chats, OneDrive, Sharepoint and loads of other services.
An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.
Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.
A trio of security flaws open the door to remote-code execution and a malware tsunami.
Purchase automation software delivered shortened URLs without protections.
“We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)” REvil reportedly wrote.
CD Projekt Red confirmed that employee and game-related data appears to be floating around the cyber-underground, four months after a hack on the Witcher and Cyberpunk 2077 developer.
There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.
Raft of other proprietary game data and related software and developer kits also pilfered in the unspecified attack, which the company is investigating.
The group, known for masquerading as various APT groups, is back with a spate of attacks on U.S. companies.
Google has patched its Chrome browser, fixing one critical cache issue and a second bug being actively exploited in the wild.
The desktop conferencing IoT gadget allows remote attackers to install all kinds of malware and move laterally to other parts of enterprise networks.
Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters.
Emerging malware is lurking in Steam profile images.
The decision to pay the ransom demanded by the cybercriminal group was to avoid any further issues or potential problems for its customers, according to the company’s CEO.
A nameless malware resulted in a huge data heist of files, credentials, cookies and more that researchers found collected into a cloud database.
The higher-rated advisories focus on privilege-escalation bugs in CPU firmware: Tough to patch, hard to exploit, tempting to a savvy attacker.
Attackers accessed a VPN account that was no longer in use to freeze the company’s network in a ransomware attack whose repercussions are still vibrating.
Researchers discovered a highly targeted malware campaign launched in April, in which a new, unknown threat actor used two of the vulnerabilities that Microsoft said are under active attack.
Socially engineered BEC attacks using X-rated material spike 974 percent.
A Latvian malware developer known as “Max” has been arraigned on 19 counts related to fraud, identity theft, information theft and money laundering.
Google’s June security bulletin addresses 90+ bugs in Android and Pixel devices.
The FBI and Australian law enforcement set up the encrypted chat service and ran it for over 3 years, seizing weapons, drugs and over $48m in cash.
Security teams should brace for an unsettling and unprecedented year, as we’re on pace to see 40 billion records compromised by the end of 2021. Imperva’s Terry Ray explains what security teams need to do to bolster their defenses.
The cybercriminals try to pin new ransomware on Babuk Locker in an effort to fly under the radar of an ongoing FBI investigation.
The tables have been turned, the FBI & DOJ said after announcing the use of blockchain technology to track down the contents of DarkSide’s cryptocurrency wallet.
Malicious apps make up 2 percent of top grossing apps in Apple App Store.
Researchers said the malware has been under development for at least three years.
“Siloscape”, the first malware to target Windows containers, breaks out of Kubernetes clusters to plant backdoors and raid nodes for credentials.
Cox Media Group TV and radio station streams affected by a reported ransomware attack.
Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.
The REvil ransomware gang is interviewed on the Telegram channel called Russian OSINT.
Unprotected server exposes AMT Games user data containing user emails and purchase information.
The crooks pay top dollar for Google search results for the popular AnyDesk, Dropbox & Telegram apps that lead to a malicious, infostealer-packed website.
REvil threat actors may be behind a set of PowerShell scripts developed for encryption and weaponized to exploit vulnerabilities in corporate networks, the ransom note suggests.
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, discusses best practices for securing healthcare data against the modern threat landscape.
In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline.
In this Threatpost podcast, Forcepoint’s SASE and Zero Trust director describes how the pandemic jump-started SASE adoption.
FinTech fraud spikes 159 percent in Q1 2021 along with stimulus spending.
Responsible nations don’t harbor cybercrooks, the Biden administration admonished Russia, home to the gang that reportedly froze the global food distributor’s systems.
Diana Lebeau allegedly tried to trick candidates for public office and related individuals into giving up account credentials by impersonating trusted associates and the Microsoft security team.
On June 8, Amazon’s pulling all its devices into a device-to-device wireless mix, inspiring FUD along the way. Now’s the time to opt out if you’re be-FUDdled.
Companies relying on their cyber-insurance policies to pay off ransomware criminals are being blamed for a recent uptick in ransomware attacks.
Some criminals package exploits into bundles to sell on cybercriminal forums years after they were zero days, while others say bounties aren’t enough.
Mobile ad fraud has always been a challenge for network operators in all parts of the globe, but the pandemic has made users more vulnerable than ever before due to the sheer amount of time they now spend with their devices.
Global food distributor JBS Foods suffered an unspecified incident over the weekend that disrupted several servers supporting IT systems and could affect the supply chain for some time.
Not all ransomware is the same! Oliver Tavakoli, CTO at Vectra AI, discusses the different species of this growing scourge.
Spoofed CIO ‘pandemic guideline’ emails being used to steal credentials.
The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary.
Microsoft uncovered the SolarWinds crooks using mass-mail service Constant Contact and posing as a U.S.-based development organization to deliver malicious URLs to more than 150 organizations.
Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture.
Malicious ad campaign was able to rank higher in searches than legitimate AnyDesk ads.
Tech giant disables ProjectWEB cloud-based collaboration platform after threat actors gained access and nabbed files belonging to several state entities.
David Wolpoff, CTO at Randori, argues that the call for rapid cloud transition is a dangerous proposition: “Mistakes will be made, creating opportunities for our adversaries.”
Researchers found flaws in most of the ‘popular’ PDF applications tested.
VMware’s virtualization management platform, vCenter Server, has a critical severity bug the company is urging customers to patch “as soon as possible”.
The website for “BravoMovies” features fake movie posters and a FAQ with a rigged Excel spreadsheet for “cancelling” the service, but all it downloads is malware.
‘Privateers’ aren’t necessarily state-sponsored, but they have some form of government protection while promoting their own financially-motivated criminal agenda, according to Cisco Talos.
Threat hunters weigh in on the business of ransomware, the complex relationships between cybercriminals, and how they work together and hawk their wares on the Dark Web.
The group is using ransomware intended to make its espionage and destruction efforts appear financially motivated.
The security vendor’s network management and threat protection station can open the door to code execution, DoS and potential PC takeovers.
Dale Ludwig, business development manager at Cherry Americas, discusses advances in hardware-based security that can enhance modern cyber-defenses.
The consumer-electronics stalwart was able to recover without paying a ransom, it said.
One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again.
Security researchers at Jamf discovered the XCSSET malware exploiting the vulnerability, patched in Big Sur 11.4, to take photos of people’s computer screens without their knowing.
British regulators ruled that Amex sent 4 million nuisance emails to opted-out customers.
A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners.
An FBI employee allegedly made off with top-secret documents, keeping them in her home for more than a decade.
A shadow court system for hackers shows how professional ransomware gangs have become.
Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses the elements involved in creating a modern SIEM strategy for remote work and cloud-everything.
The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in.
Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn’t actually encrypt.
Several mobile apps, some with 10 million downloads, have opened up personal data of users to the public internet – and most aren’t fixed.
Enterprises are embracing on-demand freelance help – but the practice, while growing, opens up entirely new avenues of cyber-risk.
On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days.
The time that attackers stay hidden inside an organization’s networks is shifting, putting pressure on defenders and upping the need to detect and respond to threats in real-time.
Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees.
Work’s being done with uber-lightweight nanoagents on every IoT device to stop malicious behavior, such as a scourge of botnet attacks, among other threats.
Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021.
The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities.
The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft’s Patch Tuesday release last week.
Customers panic and question parent company Anker’s security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch.
Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.
Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed.
Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization.
Separate attacks last week on the country’s Department of Health and Health Service Executive forced the shutdown of networks and services that still haven’t been fully restored.
You can’t possibly patch all CVEs, so focus on the exploits crooks are willing to pay for, as tracked in a study of the underground exploit market.
The latest Magecart iteration is finding success with a new PHP web shell skimmer.
Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity’s new mandate in the post-pandemic world: Bounce back stronger.
The criminal forum washed its hands of ransomware after DarkSide’s pipeline attack & alleged shutdown: A “loss of servers” that didn’t stop another attack.
The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users.
Pandemic and evolving IT demands are having a major, negative impact on CISOs’ mental health, a survey found.
The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines.
The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil’s gonads shrank in response.
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor.
The DBIR – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers.
Ransomware attackers are now demanding cash from the customers of victims too.
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting.
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key.
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships.
Tony Lauro, director of security technology and strategy at Akamai, discusses hardware security dongles and using phones to act as surrogates for them.
The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads.
The ‘Send My’ exploit can use Apple’s locator service to collect and send information from nearby devices for later upload to iCloud servers.
According to Keeper Security’s Workplace Password Malpractice Report, many remote workers aren’t following best practices for password security.
FBI/CISA warn about the RaaS network behind the Colonial hack, Colonial restarts operations, and researchers detail groups that rent the ransomware.
Paper ballots and source-code transparency are recommended to improve election security.
A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required.
Argyle is paying workers to help hack payroll providers, researchers suspect.
Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they’re in range.
Malware first observed in Italy can steal victims’ credentials and SMS messages as well as livestream device screens on demand.
Microsoft’s May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities.
GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords.
A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.
An ingenious attack on Android devices self-propagates, with the potential for a range of damage.
Aamir Lakhani, researcher at FortiGuard Labs, discusses leading-edge threats related to edge access/browsers/IoT, and the COVID-19 vaccine, as a way of getting into larger organizations.
Analyst finds ransomware evidence, despite a contractor’s denial of compromise.
Statement by the ransomware gang suggests that the incident that crippled a major U.S. oil pipeline may not have exactly gone to plan for overseas threat actors.
Security researchers mull possible perpetrators of the attack, and warn that the incident could be a harbinger of things to come.
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets.
Colonial Pipeline says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halt all pipeline operations.
U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.
NY’s AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old’s fake identities.
A malicious app can exploit the issue, which could affect up to 30 percent of Android phones.
The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom.
The student opted for “free” software packed with a keylogger that grabbed credentials later used by “Totoro” to get into a biomolecular institute.
A large-scale incident earlier this week against Belnet and other ISPs has sent a wave of internet disruption across numerous Belgian government, scientific and educational institutions.
PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims’ cryptocurrency and other info.
‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in.
Remote code execution, privilege escalation to root and lateral movement through a victim’s environment are all on offer for the unpatched or unaware.
On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child.
‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.
The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.
On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.
The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.
Jason Kent, hacker in residence at Cequence Security, says most retailers are applying 1970s solutions to the modern (and out-of-control) shopping-bot problem, and offers alternative ideas.
An intense hunt for corporate account credentials will continue into next quarter, researchers predict.
The San Diego-based hospital system diverted ambulances to other medical centers after a suspected ransomware attack.
The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It’s bound for the dustbin.
Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to remote authentication-bypass attacks.
New deepfake products and services are cropping up across the Dark Web.
It’s coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground.
The stealthy backdoor is likely being used by Chinese APTs, researchers said.
The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”.
Oliver Tavakoli, CTO of Vectra AI, discusses the differences between the massive supply-chain hack and the Exchange zero-day attacks, and their legacy and ramifications for security professionals.
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.
The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they’ll be open-sourcing their data encryption malware for other crooks to use.
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.
Researchers fear wider exposure, amidst a tepid response from Experian.
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.
Sorry, we’ve upchucked your COVID test results and other medical and personal data into public GitHub storage buckets, the Wyoming Department of Health said.
The perp faces jail time, but the incident highlights the growing cyber-abuse of QR codes.
There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations’ SaaS apps.
Information stolen in April 10 ransomware attack was posted on a dark web portal and includes private documents not published as part of public records.
SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug.
The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities.
Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims.
Nintendo is questing after its third successful lawsuit against circumvention-device sellers, this time against Team Xecuter.
The information-disclosure flaw allows KASLR bypass and the discovery of additional, unpatched vulnerabilities in ARM devices.
Phil Richards, Chief Security Officer at Ivanti, discusses dramatic growth in smishing and what to do about it.
The RaaS developers thumbed their noses at police, saying “We find 0 day before you.”
A variant of Shlayer, the No. 1 Mac threat, has been exploiting the vulnerability since January; the flaw allows payloads to go unchecked through key OS security features.
The malware is spreading rapidly through ‘missed package delivery’ SMS texts, prompting urgent scam warnings from mobile carriers.
The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.
Judas and the Black Messiah may be a favorite for Best Picture at the 93rd Academy Awards on Sunday, but it’s a fave for cybercriminals too.
The malware is for now using exploits for the Microsoft Exchange “ProxyLogon” security bugs to install Monero-mining malware on targets.
Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices.
The notorious cybercrime gang could profit whether or not Apple pays the $50 million ransom by May 1 as demanded.
The ransomware is upping its danger quotient with new features while signaling a rebranding to “AstroLocker.”
In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth.
Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found.
You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN’s Cyber Risk Index puts North American and Northern European countries at the top of the target list.
David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved “fixme” flags in developer support groups.
Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan.
CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.
Data-breach risk should be tackled with a toolset for monitoring data in motion and data at rest, analysis of user behavior, and the detection of fraud and weak spots.
Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact.
The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.
The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.
The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks.
Our new eBook goes beyond the status quo to take a look at the evolution of ransomware and what to prepare for next.
Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic.
Two cyberattack campaigns are making the rounds using unique social-engineering techniques.
A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.
Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.
The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.
In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.
Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next.
Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.
Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.
How this class of vulnerabilities will impact millions of connected devices and potentially wreck the day of IT security professionals.
Researchers measured 648 new malware threats every minute during Q4 2020.
Crooks are looking to harvest email credentials with a savvy campaign that uses the Typeform service to host the phishing page.
The security bugs could open the door for arbitrary code-execution and full takeover of targeted machines.
An update to Google’s browser that fixes the flaw is expected to be released on Tuesday.
Clubhouse denies it was ‘breached’ and says the data is out there for anyone to grab.
A man caught in an FBI sting allegedly said he wanted to destroy “70 percent of the internet” by going after the tech giant’s data centers.
Hank Schless, senior security solutions manager at Lookout, discusses how to secure remote working via mobile devices.
Attackers are filling out and submitting web-based “contact us” forms, thus evading email spam filters.
Allegedly perverted college coach charged with cyberstalking and extorting nudes from his female athletes.
The database was subsequently leaked elsewhere, imperiling consumers from the U.S. and around the world.
Justin Jett, director of audit and compliance for Plixer, discusses the transformation of network-traffic analytics and what it means for cybersecurity now.
Like the Facebook incident earlier this week, the information — including user profile IDs, email addresses and other PII — was scraped from the social-media platform.
Cybercriminals are encouraging users to send the “offers” via WhatsApp to their friends as well.
Cisco says it will not patch three small business router models and one VPN firewall device with critical vulnerabilities.
A widespread email campaign using malicious Microsoft Excel attachments and Excel 4 macros is delivering IcedID at high volumes, suggesting it’s filling the Emotet void.
Microsoft’s cloud-container technology allows attackers to directly write to files, researchers said.
Industrial enterprises in Europe are the target of a campaign that forced a shutdown of industrial processes in at least one of its victims’ networks, according to researchers.
One Discord network search turned up 20,000 virus results, researchers found.
Saryu Nayyar, CEO at Gurucul, discusses the new Cold War and the potential for a cyberattack to prompt military action.
The wormable malware spread from Android to Android by sending messages offering free Netflix Premium for 60 days.
The flaw that caused the leak of personal data of more than 533 million users over the weekend no longer exists; however, the social media giant still faces an investigation by EU regulators.
CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain.
A massive operation offers access to hacked camera feeds in bedrooms and at hotels.
Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further.
New details of negotiation between attackers and officials from Broward County Public Schools emerge after a ransomware attack early last month.
An estimated 32 million, of the half-billion of Facebook account details posted online, were tied to US-based accounts.
Researchers said the FoundCore malware represents a big step forward when it comes to evasion.
Fake job offers lure professionals into downloading the more_eggs backdoor trojan.
The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached.
Aamir Lakhani, cybersecurity researcher for Fortinet’s FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.
In this roundtable, security experts focused on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.
Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon.
Activision is warning that cyberattackers are disguising malware — a remote-access trojan (RAT) — in cheat programs.
John Hammond, security researcher with Huntress, takes a deep-dive into a stager’s technical and coding aspects.
Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files.
A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags.
Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities.
The ransomware gang exfiltrated 40 gigabytes of data from the fashion house, including HR and salary details.
Chris Hass, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize.
Cyberattackers have set up a website for a fake company called SecuriElite, as well as associated Twitter and LinkedIn accounts.
Google’s Pixel and Apple’s iPhone both in privacy hot seat for siphoning mobile device data without consent.
The Cart Crasher gang is testing stolen payment cards while cleaning ill-gotten funds.
Telecommuting social-media manager for the U.S. Strategic Command left the laptop open and unsecured while stepping away.
Researchers uncover a credential-stealing campaign targeting genetic, neurology and oncology professionals.
Ziggy joins Fonix ransomware group and shuts down, with apologies to targets.
Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers.
Current and former administration sources say the nation-state attackers were able to read the Homeland Security Secretary’s emails, among others.
A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications by using session-replay software to capture the interaction of people visiting the corporate homepage Intel.com.
Predator-ranked players on Xbox console game version rigged matches with DDoS attacks.
There could be more than immediately meets the eye with this targeted attack group.
The server for the web-application scripting language was compromised on Sunday.
The post-SolarWinds EO could be issued as soon as next week, according to a report.
Younger employees and caregivers report more stress than other groups – and more shadow IT usage.
The incident, which forced the company to disconnect its systems, caused significant business disruption.
The cache of apps, found in Apple and Google’s official marketplaces, is largely targeted towards children, including several “slime simulators.”
A bug-bounty program launched for the Teams desktop videoconferencing and collaboration application has big payouts for finding security holes.
The social-media giant took down legions of fake profiles aimed at spreading espionage malware.
New research shows that while all sectors are at risk, 70 percent of manufacturing apps have vulnerabilities.
CEO says Apple rejected a security update needed to protect human-rights abuse evidence.
Thrive Themes has recently patched vulnerabilities in its WordPress plugins and legacy Themes – but attackers are targeting those who haven’t yet applied security updates.
The ransomware attack has impacted the IoT manufacturer’s production lines across multiple sites, and other internal operations.
Vast swathes of companies were likely compromised before patches were applied, so the danger remains.
A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing.
TikTok’s source code is in line with industry standards, security researchers say.
A former IT contractor is facing jail time after a retaliatory hack into a company’s network that wiped the majority of its employees’ Microsoft Office 365 accounts.
A cyberattacker taunted the site about open security vulnerabilities, prompting a code review.
The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.
Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week.
Attackers accessed personal and business data from the company’s legacy file-transfer service in a recent data-security incident but core IT systems remained untouched.
The flaws could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition.
Remote-ed software bugs give attackers wide access to student computers and data.
Attackers can leverage the critical Adobe ColdFusion flaw to launch arbitrary code execution attacks.
Researchers are reporting mass scanning for – and in-the-wild exploitation of – a critical-severity flaw in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure.
Attackers move on new CEOs, using transition confusion to harvest Microsoft credentials.
The malicious app spreads the BlackRock malware, which steals credentials from 458 services – including Twitter, WhatsApp, Facebook and Amazon.
A previously undocumented password and cookie stealer has been compromising accounts of big guns like Facebook, Apple, Amazon and Google since 2019 and then using them for cybercriminal activity.
Fintech security provider Fiserv acknowledges it used unregistered domain as default email.
In a new campaign, threat actors are bundling macOS malware in trojanized Apple Xcode developer projects.
A glitch in Zoom’s screen-sharing feature shows parts of presenters’ screens that they did not intend to share – potentially leaking emails or passwords.
The newly discovered steganography method could be exploited by threat actors to obscure nefarious activity inside photos hosted on the social-media platform.
The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities.
The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers.
The ‘young mastermind’ of the Twitter hack will serve three years in juvenile detention.
The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign.
A new Mimecast update reveals the SolarWinds hackers accessed several “limited” source code repositories.
Researchers say China-linked APTs lure victims with bogus Huawei career pages in what they dub ‘Operation Diànxùn’.
Insider Risk Management builds a framework around the new paradigm of “risk tolerance,” aiming to give security teams the visibility and context around data activity to protect that data, without putting rigid constraints on users.
A major spike of attacks against higher ed, K-12 and seminaries in March has prompted the FBI to issue a special alert.
A Florida high-school student faces jail time for rigging her school’s Homecoming Queen election.
A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices.
Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress.
Researchers from Sucuri discovered the tactic, which creatively hides malicious activity until the info can be retrieved, during an investigation into a compromised Magento 2 e-commerce site.
Google has released the side-channel exploit in hopes of motivating web-application developers to protect their sites.
At SafeDNS, we see three entangled hurdles for MSPs in 2021 and the coming years – tied with the current economic uncertainty and somewhat linked to the pandemic.
A survey from Intel shows that most organizations prefer tech providers to have proactive security, but few meet security expectations.
A year after COVID-19 was officially determined to be a pandemic, the methods and tactics used by cybercriminals have drastically changed.
The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months.
Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks.
The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.
Sky ECC claims that cops cracked a fake version of the app being passed off by disgruntled reseller.
A legitimate binary for creating shortcut keys in Windows is being used to help the malware sneak past defenses, in a rash of new campaigns.
As attacks double every hour, hackers are exploiting vulnerable Microsoft Exchange servers and installing a new family of ransomware called DearCry.
The multinational brewing company did not say what type of incident caused a ‘systems outage,’ but it’s investigating and working to get networks back online.
Reports say that the agency in charge of managing Spain’s unemployment benefits has been hit by the Ryuk ransomware.
TrickBot rises to top threat in February, overtaking Emotet in Check Point’s new index.
A spam campaign hides a malicious executable behind file archive extensions.
At least 10 nation-state-backed groups are using the ProxyLogon exploit chain to compromise email servers, as compromises mount.
Researchers say the new RedXOR backdoor is targeting Linux systems with various data exfiltration and network traffic tunneling capabilities.
The financial cyber-gang is running limited attacks ahead of broader offensives on point-of-sale systems.
The F5 flaws could affect the networking infrastructure for some of the largest tech and Fortune 500 companies – including Microsoft, Oracle and Facebook.
The remote code execution flaw could allow attackers to deploy malware, modify network configurations and view databases.
A hybrid Monero cryptominer and ransomware bug has hit 20,000 machines in 60 days.
The security hole in the Plus Addons for Elementor plugin was used in active zero-day attacks prior to a patch being issued.
Spear-phishing emails are spreading the NimzaLoader malware loader, which some say may be used to download Cobalt Strike.
Surveillance footage from companies such as Tesla as well as hospitals, prisons, police departments and schools was accessed in the hack.
Researchers have identified two vulnerabilities in the company’s crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.
Microsoft’s regularly scheduled March Patch Tuesday updates address 89 CVEs overall.
Report reveals a booming business for Dark Web vendors selling everything from emails to hacked crypto accounts.
The critical flaws exist in Adobe Framemaker, Connect and the Creative Cloud desktop application for Windows.
A never-before-seen malware-dropper, Clast82, fetches the AlienBot and MRAT malware in a savvy Google Play campaign aimed at Android users.
Apple pushed out security updates for a memory-corruption bug to devices running on iOS, macOS, watchOS and for Safari.
A new side-channel attack takes aim at Intel’s CPU ring interconnect in order to glean sensitive data.
Researchers warn two critical bugs impacting multiple QNAP firmware versions are under active attack.
A phishing attack targeting Microsoft users leverages a bogus Google reCAPTCHA system.
The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks.
Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible.
The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers.
EFF worries that Google’s ‘privacy-first’ vision for the future may pose new privacy risks.
A new variant of the Gafgyt botnet – that’s actively targeting vulnerable D-Link and Internet of Things devices – is the first variant of the malware to rely on Tor communications, researchers say.
Researchers with Microsoft and FireEye found three new malware families, which they said are used by the threat group behind the SolarWinds attack.
Elite Russian forums for cybercriminals have been hacked in a string of breaches, leaving hackers edgy and worried about law enforcement.
TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.
Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading.
Cybercriminals are using the COVID-19 vaccine to steal Microsoft credentials, infect systems with malware and bilk victims out of hundreds of dollars.
Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.
A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.
A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals.
Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.
The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics.
Attackers have weaponized code dependency confusion to target internal apps at tech giants.
Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT – while more incidents spread like wildfire.
The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October.
The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices.
Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites.
The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning.
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks.
Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.
The Distributed Denial of Secrets group claims it has received more than 70 gigabytes of data exfiltrated from social media platform Gab.
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users.
Researchers found a number of privacy and security issues in Amazon’s Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.
COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.
A spear-phishing campaign linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies.
Sneaker bots are scooping up the new Yeezy “Ash Blue” and “Quantum” shoes to resell at a huge markup.
From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.
Researchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor.
Retailers that lacked significant digital presence pre-COVID are now reaching new audiences through e-commerce sites that are accessible anytime, from anywhere, on any device.
Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders.
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.
The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data.
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.
Quickbooks malware targets tax data for attackers to sell and use in phishing scams.
Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.
The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.
The hotly anticipated GeForce RTX 3060, a ray-tracing-friendly, advanced gaming graphics chip, will also throttle Ethereum mining.
As more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.
NurseryCam suspends service across 40 daycare centers until a security fix is in place.
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.
TietoEVRY was forced to shut down services and infrastructure as the company continues to investigate the incident with relevant authorities.
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express – but that really steal their credentials.
The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.
APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers.
Two breaches of the audio-based social media app reinforce privacy, security concerns.
The threat actors stole data and used Clop’s leaks site to demand money in an extortion scheme, though no ransomware was deployed.
Sneaky attackers are flipping backslashes in phishing email URLs to evade protections, researchers said.
A second malware that targets Macs with Apple’s in-house M1 chip is infecting machines worldwide — but it’s unclear why.
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.
The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.
Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap.
DoppelPaymer ransomware gang claims credit for Kia’s outage, demands $20 million in double-extortion attack.
A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.
A malicious adware-distributing application specifically targets Apple’s new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered.
Jones Day, which represented Trump, said the breach is part of the Accellion attack from December.
The WatchDog malware has flown under the radar for two years in what researchers call one of the ‘largest’ Monero cryptojacking attacks ever.
The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.
The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea.
A new version of the Masslogger trojan has been targeting Windows users – now using a compiled HTML (CHM) file format to start the infection chain.
Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups.
TikTok is again in hot water for how the popular video-sharing app collects and shares data – particularly from its underage userbase.
The open CA prepares for ‘worst scenarios’ with new fiber, servers, cryptographic signing and more.
The volume of attacks fell 31 percent in the last part of 2020, as Bitcoin values skyrocketed. But there were still several notable trends, such as a rise in Linux botnets.
Hundreds of thousands of individuals are potentially affected by this vulnerability.
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed.
The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic.
Researcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable APIs.
In a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.”
A well-crafted SMS phishing effort is harvesting personal data and credit-card details under the guise of offering tax refunds.
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.
Researchers discovered credentials for the Oldsmar water treatment facility in the massive compilation of data from breaches posted just days before the attack.
Emails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware.
The attackers ported victims’ cell phone lines and then defeated 2FA to access accounts and apps.
The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.
Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRrig cryptominer and various data and token stealers.
The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.
The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses.
The ransomware gang behind the hack of CD Projekt Red may be asking for $1 million opening bids for the company’s valuable data.
Researchers at Google and Stanford analyzed 1.2 billion malicious emails to find out what makes users likely to get attacked. 2FA wasn’t a big factor.
Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.
The Code42 2021 Data Exposure Report highlights the need to adopt a new approach to data security and invest in modern Insider Risk technology.
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations’ internal applications.
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday — including 11 critical and six publicly known. And, it continued to address the Zerologon bug.
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.
A critical vulnerability in Adobe Reader has been exploited in “limited attacks.”
The LodaRAT – known for targeting Windows devices – has been discovered also targeting Android devices in a new espionage campaign.
CD Projekt Red was hit with a cyberattack (possibly the work of the “Hello Kitty” gang), and the attackers are threatening to release source code for Witcher 3, corporate documents and more.
A threat actor remotely accessed the IT system of the water treatment facility of Oldsmar and raised the levels of sodium hydroxide in the water, an action that was quickly noticed and remediated.
About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a ‘COMB’ collection.
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.
Remote work continues to fuel a spike in phishing and cyberattacks, particularly in the U.S.
In a unique attack, cybercriminals locally install an extension to manipulate data in internal web applications that the victims have access to.
The ransomware attack, affecting OT systems, resulted in some of WestRock’s facilities lagging in production levels.
Claroty reports that adversaries, CISOs and researchers have all turned their attention to finding critical security bugs in ICS networks.
A CSRF-to-stored-XSS security bug plagues 50,000 ‘Contact Form 7’ Style users.
Google warns of a zero-day vulnerability in the V8 open-source engine that’s being actively exploited by attackers.
Eletrobras, the largest power company in Latin America, faces a temporary suspension of some operations.
A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.
As many as 100,000 of the music streaming service’s customers could face account takeover.
A researcher hacked Nespresso Pro smart cards to dispense free, unlimited coffee.
The vulnerabilities exist in Cisco’s RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.
Researchers warn that the Hildegard malware is part of ‘one of the most complicated attacks targeting Kubernetes.’
February’s security update for the mobile OS includes a Qualcomm flaw rated critical, with a CVSS score of 9.8.
The by-now infamous company has issued patches for three security vulnerabilities in total.
The infamous malware has incorporated the legitimate Masscan tool, which looks for open TCP/IP ports with lightning-fast results.
Feds charged California-based private detective for stealing $11M from investors, with help from actor Steven Seagal.
The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-performance computing clusters.
An e-commerce credit-card skimmer is being used by a second skimmer to steal payment data – and both are on Costway’s website.
A new version of the Agent Tesla RAT can ‘kneecap’ endpoint protection software supported by Microsoft AMSI.
Cases reported to the FTC doubled last year as cybercriminals took advantage of increased filing for government relief benefits due to the pandemic.
Wind River Systems is warning of a ‘security incident’ after one or more files were downloaded from its network.
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign.
Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks.
The flaw in the free-source library could have been ported to multiple applications.
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compromised to install malware onto victim devices.
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.
Two new phishing tactics use the platform’s automated responses to evade email filters.
Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.
Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits.
New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with ‘Comebacker’ malware.
The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics.
Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow.
A phishing kit has been found running on at least 700 domains – and mimicking services via false SharePoint, OneDrive and Office 365 login portals.
A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack.
The detection-evasion tool, libprocesshider, hides TeamTNT’s malware from process-information programs.
The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector.
A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren’t connected to the internet.
Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.
Researchers publicly disclosed flaws in ADT’s LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.
Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker’s Dark Web leaks site offline and charged a suspect.
An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.
Sophisticated and dangerous, DanaBot has resurfaced after laying dormant for seven months.
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.
A database containing sensitive criminal and family-court records related to Cook County, Ill., has been exposed since at least September.
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed.
Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.
A security flaw in TikTok could have allowed attackers to query the platform’s database – potentially opening the door to privacy violations.
Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.
Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.
The ShinyHunters hacking group offers a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.
The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.
The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series.
The new tools on Chrome and Edge will make it easier for browser users to discover – and change – compromised passwords.
The “KindleDrip” attack would have allowed attackers to siphon money from unsuspecting victims.
A former ADT employee pleads guilty to accessing customers’ cameras so he could spy on them.
The CursedGrabber malware has infiltrated the open-source software code repository.
Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.
Einstein is in violation of the HHS 60-day breach notification rule, but unlikely to face a penalty.
Researchers have traced the origins of a campaign – infecting SQL servers to mine cryptocurrency – back to an Iranian software firm.
Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.
A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments.
Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.
The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.
The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.
Users of dating apps – like Tinder, Match and Bumble – should be on the lookout for investment-fraud scammers.
Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.
Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution.
Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration.
The post-compromise backdoor installs Cobalt Strike to help attackers move laterally through victim networks.
The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.
Users of the Linux-based open-source firmware—which include developers from commercial router companies–may be targeted by phishing campaigns, administrators warn.
Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.
Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.
Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472.
Security researchers lambasted the controversial macOS Big Sur feature for exposing users’ sensitive data.
The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.
Facebook has sued two Chrome devs for scraping user profile data – including names, user IDs and more.
Judge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking.
The cybercriminal service has scammed victims out of $6.5 million and continues to spread on Telegram.
CISA has issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted.
The optional feature was released free to users in a technical preview this week, adding a new layer of security to the service, which has been plagued by privacy concerns.
The company announced accounts for ages 13-15 will default to a strong privacy setting, among other safety measures.
Cisco fixed high-severity flaws tied to 67 CVEs overall, including ones found in its AnyConnect Secure Mobility Client and in its RV110W, RV130, RV130W and RV215W small business routers.
Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.
On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet.
Watering-hole attacks executed by ‘experts’ exploited Chrome, Windows and Android flaws and were carried out on two servers.
Security teams are preparing for the inevitable return to the workplace – and the privacy implications of exposure notification apps that companies may need to adopt.
The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.
Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.
A sophisticated threat actor has hijacked email security connections to spy on targets.
The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands.
Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS users.
Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace’s infrastructure, including more than 20 servers.
Researchers used the organization’s vulnerability disclosure program to report a flaw that exposed GitHub credentials.
WhatsApp aimed to clear the air about its updated privacy policy after reports of mandatory data sharing with Facebook drove users to Signal and Telegram in troves.
The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for.
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.
A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.
Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces.
Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021.
An examination of the malware gang’s payments reveals insights into its economic operations.
Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group – and have been hired by SolarWinds.
The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior.
Major browsers get an update to fix separate bugs that both allow remote attacks, which could potentially let hackers take over targeted devices.
Anne Neuberger will join the National Security Council, according to sources.
In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.
A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.
Provide your views on ransomware and how to deal with it in our anonymous Threatpost poll.
Despite being a mostly run-of-the-mill ransomware strain, Babuk Locker’s encryption mechanisms and abuse of Windows Restart Manager set it apart.
The messaging platform will update its privacy platform on Feb. 8 to integrate further with its parent company, prompting users to cry foul over privacy issues.
The NSA released new guidance providing system administrators with the tools to update outdated TLS protocols.
Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.
Report outlines deep cybersecurity challenges for the public/private seagoing sector.
More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
The widespread compromise affecting key government agencies is ongoing, according to the U.S. government.
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.
The “People Nearby” feature in the secure messaging app can be abused to unmask a user’s precise location, a researcher said.
Google’s Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
Researchers say a recent attack targeting videogaming developers has ‘strong links’ to the infamous APT27 threat group.
At least 6,500 cryptocurrency users have been infected by new, ‘extremely intrusive’ malware that’s spread via trojanized macOS, Windows and Linux apps.
Researcher discovered info of 35 million credit-card users from an attack on the Indian startup, which handles payments for numerous online marketplaces.
Apex Laboratory patient data was lifted and posted on a leak site.
Researcher uses an old unCAPTCHA trick against the latest audio version of reCAPTCHA, with a 97 percent success rate.
Over 500,000 leaked credentials tied to the top two dozen leading gaming companies are for sale online.
The cyberattack incident is the wireless carrier’s fourth in three years.
Several Ticketmaster executives conspired to hack a rival concert presales firm, in an attempt to ‘choke off’ its business.
Insider threats are redefined in 2021, the work-from-home trend will continue to define the threat landscape and mobile endpoints become the attack vector of choice, according to 2021 forecasts.
Reflecting on 2020’s record-breaking year of spam and inbox threats.
Ransomware response demands a whole-of-business plan before the next attack, according to our roundtable of experts.
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.
Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers.
A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.
Black man sues police, saying he was falsely ID’d by facial recognition, joining other Black Americans falling victim to the technology’s racial bias.
David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding “hacker logic” can help prioritize defenses.
The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data.
Threatpost explores 5 big takeaways from 2020 — and what they mean for 2021.
In-depth report looks at how COVID-19 research has become a juicy new target for organized cybercrime.
From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
The nation-state actor is looking to speed up vaccine development efforts in North Korea.
Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.
Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.
The underground payment-card data broker saw its blockchain DNS sites taken offline after an apparent law-enforcement effort – and now Tor sites are down.
Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.
A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge.
Investigation reveals the device sector is plagued with problems when it comes to security bugs.
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world.
The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE.
FortiGuard Labs’ Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs.
Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation.
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll.
Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.
Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.
The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.
Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.
“Insider threat” or “human error” shows up a lot as the major cause of data breaches across all types of reports out there. But often it’s not defined, or it’s not clearly defined, so people conjure up their own definition.
Plixer’s Justin Jett, Compliance & Audit director, discusses how to prioritize when your security resources are thin.
The DoE suffered “damage” in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector.
A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin.
No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s Twitter account by guessing his password, “MAGA2020!” last October.
Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers.
Two malicious software building blocks that could be baked into web applications prey on unsuspecting users.
The Zodiac serial killer’s 340 cipher, which couldn’t be solved for 50 years, has been cracked by a remote team of mathematicians.
Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.
The massive shift to remote work has turbocharged the shadow IT problem.
In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.
Meanwhile, FireEye has found a kill switch, and Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack.
Goontact lures users of illicit sites through Telegram and other secure messaging apps and steals their information for future fraudulent use.
Subway loyalty program members in U.K. and Ireland have been sent scam emails to trick them into downloading malware.
A poorly configured file opens users up to site takeover.
The worm returned in recent attacks against web applications, IP cameras and routers.
Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support.
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.
From ransomware attacks that crippled hospitals, to espionage attacks targeting COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.
This is the third breach in the past few weeks for the world’s most popular streaming service.
The insider threat will go to jail for two years after compromising Cisco’s cloud infrastructure.
The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort.
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.
The malware takes aim at PostgreSQL database servers with never-before-seen techniques.
Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.
Fortinet’s Aamir Lakhani discusses best practices for securing company data against next-gen threats, like edge access trojans (EATs).
Threat actors accessed Pfizer vaccine documentation submitted to EU regulators in the latest cyberattack trying to profit off pandemic suffering.
The threat group is increasing its espionage activity in light of the current political climate and recent events in the Middle East, with two new backdoors.
Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least 250,000 compromised databases.
A series of bugs, patched in September, still allow remote code execution by attackers.
From eCommerce threats, to attacks at the smart edge, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.
Ransomware attacks targeting hospitals have exacted a human cost as well as financial.
Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life.
As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.
Convincing email-credential phishing, emailed backdoors and mobile apps are all part of the group’s latest effort against military and government targets.
Cybercriminals are leveraging the recent rollout of the COVID-19 vaccines globally in various cyberattacks – from stealing email passwords to distributing the Zebrocy malware.
Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running the same firmware.
Google updates its mobile OS, fixing ten critical bugs, including one remote code execution flaw.
An attacker stole FireEye’s Red Team assessment tools that the company uses to test its customers’ security.
This sealogged Nazi machine will undergo restoration.
Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020.
Manufacturing powerhouse confirmed North American operations impacted by November cyberattack.
According to Cyberseek, an interactive mapping tool that tracks the current state of the security job market, there are more than half a million open cybersecurity positions available in the U.S. alone (522,000).
A CISA alert is flagging a critical default credentials issue that affects 100+ types of devices found in hospitals, from MRI machines to surgical imaging.
Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom.
It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure.
A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns.
Feds are warning that adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access and VMware Identity Manager products.
The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more.
The European Union’s law-enforcement agency has issued a warning about the rise of vaccine-related Dark Web activity.
The hotly anticipated game — featuring a digital Keanu Reeves as a major character — is being used as a lure for cyberattacks.
As hackers put a bullseye on healthcare, Threatpost spotlights how hospitals, researchers and patients have been affected and how the sector is bolstering its cyber defenses.
China joins Google in claiming quantum supremacy with new technology, ratcheting up RSA decryption concerns.
In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security.
The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems.
The group published files stolen from the Brazilian aircraft manufacturer in a ransomware attack last month.
Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors.
Desktop versions of the browser received a total of eight fixes, half rated high-severity.
The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.
VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.”
The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week.
The struggling retailer’s back-end services have been impacted, according to a report, just in time for the holidays.
A new “TrickBoot” module scans for vulnerable firmware and has the ability to read, write and erase it on devices.
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.
Lookout’s Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer’s stores.
Incydr lets you monitor your high-risk users without impeding their ongoing work.
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Edge.
Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump.
The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.
CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes.
In a recent cyberattack against an E.U. country’s Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.
The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year.
The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts.
Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware.
Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.
The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.
The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers.
An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.
The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.
Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more.
New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.
More than a month after the cyberattack first hit, the UVM health network is still grappling with delayed payment processing and other issues.
The ransomware group has leaked stolen data to add pressure on the company to pay up.
A strain of the 13-year old backdoor Bandook trojan has been spotted in an espionage campaign.
The new backdoor comes with multiple payloads and new detection evasion tactics.
Ransomware gangs with zero-days and more players overall will characterize financially motivated cyberattacks next year.
Hackers are putting a bullseye on healthcare. Experts explore why hospitals are being singled out and what any company can do to better protect itself.
Threat actors already stole nearly 4,000 credentials before the holiday was even over, according to a report.
Gurucul CEO Saryu Nayyar discusses 2021’s evolving threats and new challenges — and the new tools and technologies that we hope will shift the balance toward the defense.
Online shoppers are blissfully unaware of credit card skimming threats and malicious shopping apps as they head into this year’s Black Friday and Cyber Monday holiday shopping events.
Researchers show the promise of Federated Learning to protect patient privacy and improve healthcare outcomes across the world.
Designing a behavioral change program requires an audit of existing security practices and where the sticking points are.
Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.
Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others.
Amit Bareket of Perimeter 81 believes that reducing the risks of remote work starts with updating the access policies of yesterday.
The team that hacked Amazon Echo and other smart speakers using a laser pointer continues to investigate why MEMS microphones respond to light.
Events application Peatix this week disclosed a data breach, after user account information reportedly began circulating on Instagram and Telegram.
Fake Minecraft Modpacks on Google Play deliver millions of abusive ads and make normal phone use impossible.
Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.
Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls.
Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.
Belgian researchers demonstrate a third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.
VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.
‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.
The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.
A Turkish hacktivist defaced a subdomain of the president-elect’s campaign website.
Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.
The critical and important-severity flaws were found by a team at the China-based Tianfu Cup hacking challenge.
The information exposed in a public cloud bucket included PII, church-donation information, photos and users’ contact lists.
Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.
The company patched a vulnerability that could connect video and audio calls without the knowledge of the person receiving them.
Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.
Bug hunters at GitHub Security Lab help shore up German contact tracing app security, crediting open-source collaboration.
The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content.
MobileIron’s Brian Foster says to watch out for these top phishing approaches this holiday season.
The Code42 Incydr data risk detection and response solution focuses on giving security teams simplicity, signal and speed.
A reported ransomware attack took down operations at the company, which is in talks for COVID-19 vaccine-distribution contracts.
Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.
Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.
While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks – from phishing to ransomware.
WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.
The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.
Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.
Overall Google’s Chrome 87 release fixed 33 security vulnerabilities.
President Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.
Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.
Plixer’s Justin Jett on finding insider threats amidst the ever-increasing work-from-home population.
After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.
Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack.
The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.
A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.
Attackers can exploit the feature and send people’s data directly to remote servers, posing a privacy and security risk, researchers said.
Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.
A fake Java update found on various porn sites actually downloads the well-known Zloader malware.
The bugs tracked as CVE-2020-8271, CVE-2020-8272 and CVE-2020-8273 exist in the Citrix SD-WAN Center.
Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.
Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others.
A report on the underground economy finds that malicious actors are offering cloud-based troves of stolen data, accessible with handy tools to slice and dice what’s on offer.
With more online shoppers this year due to COVID-19, cybercriminals are pulling the trigger on new scams ahead of Black Friday and Cyber Monday.
‘Order This, Get This’: Social-media influencers are in Amazon’s legal crosshairs for promoting generic Amazon listings with the promise to get prohibited counterfeit luxury items instead.
Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.
Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.
The events giant faces a GDPR-related penalty in the U.K., and more could follow.
The North Face has reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website.
Chris Krebs, the first and current U.S. cybersecurity director, said his protection of the election process drew ire from the Trump administration.
The modular malware is highly sophisticated but may not be able to capture credit-card info.
Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum.
Fortinet’s Aamir Lakhani discusses hacker forums as a rich source of threat intelligence.
Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations.
Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution.
Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic – and how they can prepare for future threats.
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.
Both Nvidia and Intel faced severe security issues this week – including a high-severity bug in Nvidia’s GeForce NOW.
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.
The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software.
Philippines COVID-KAYA app allowed for unauthorized access typically protected by ‘superuser’ credentials and also may have exposed patient data.
Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.
Intel released 40 security advisories in total, addressing critical- and high-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.
Retail bots are helping scalpers scoop up PS5, Xbox Series X inventory and charge massive markups.
Developers will have to reveal how data is shared with any “third-party partners,” which include analytics tools, advertising networks, third-party SDKs or other external vendors.
A banking trojan is targeting mobile app users in Brazil – and researchers warn that its operator has big plans to expand abroad.
Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.
Slapdash setup of Trump website collecting reports of Maricopa County in-person vote irregularities exposed 163,000 voter data records to fraud, via SQL injection.
The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned.
Three critical security bugs allow for easy privilege escalation to an administrator role.
An attack on the Microsoft Exchange server of an organization in Kuwait revealed two never-before-seen PowerShell backdoors.
A cloud misconfiguration affecting users of a popular reservation platform threatens travelers with identity theft, scams, credit-card fraud and vacation-stealing.
The shopping cart application contains a PHP object-injection bug.
The illegal marketplace was hacked prior to its takedown — the IRS has now tracked down those stolen funds, it said.
The Ragnar Locker operators released a stolen contract between Wild Turkey and actor Matthew McConaughey, as proof of compromise.
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
The actively exploited vulnerabilities discovered by Project Zero exist across iPhone, iPad and iPod devices.
The Resident Evil creator has reportedly been hit in a ransomware attack that stole 1TB of sensitive data.
Researchers figure out how to read what people are typing during a Zoom call using shoulder movements.
Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.
Emails try to lure victims with malicious documents claiming to have information about voting interference.
APT cloaks identity using script-kiddie messages and advanced deployment and targeting techniques.
Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.
More than 200 Google Forms impersonate top brands – including Microsoft OneDrive, Office 365, and Wells Fargo – to steal victims’ credentials.
Financial disclosure filings describe a ransomware attack that delivered a weak punch.
A previous fix for the critical remote code execution bug was “incomplete,” according to VMware.
According to Code42’s Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.
A Mississippi pilot program that allows police to livestream private camera footage sparks privacy fears from the ACLU.
A threat actor is compromising telecommunications companies and targeting the financial and professional consulting industries using an Oracle flaw.
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.
A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove.
Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.
The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.
Aussie firm Isentia said “remediation and foregone revenue” could total $8.5 million AUS or more.
The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit.
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.
JM Bullion fell victim to a payment-card skimmer, which was in place for five months.
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.
Google Project Zero disclosed the bug before a patch becomes available from Microsoft.
Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend before the presidential election — and they also highlight the positives.
In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.
The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.
Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam — and anyone working on the upcoming election needs to pay attention.
Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry — including bugs that just won’t die.
The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate.
The tech giant and the feds this week renewed their call for organizations to update Active Directory domain controllers.
NVIDIA said a high-severity information-disclosure bug impacting its DGX A100 server line wouldn’t be patched until early 2021.
Amid an uptick in attacks on healthcare orgs, malware families, Kegtap, Singlemalt and Winekey are being used to deliver the Ryuk ransomware to already strained systems.
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF.
In a wide-ranging interview, a REvil leader said the gang is earning $100 million per year, and provided insights into the life of a cybercriminal.
Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information.
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify.
Malicious redirection websites are using typosquatting and impersonation to attack unwary visitors.
Hospitals in New York and Oregon were targeted on Tuesday by threat actors who crippled systems and forced ambulances with sick patients to be rerouted, in some cases.
While Microsoft patched the bug known as CVE-2020-0796 back in March, more than 100,000 Windows systems are still vulnerable.
Fraudulent Facebook messages allege copyright infringement and threaten to take down pages, unless users enter logins, passwords and 2FA codes.
Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.
Turla has outfitted a trio of backdoors with new C2 tricks and increased interop, as seen in an attack on a European government.
The Phosphorous APT has launched successful attacks against world leaders who are attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns.
With the election just a week away, cybercriminals are ramping up mobile attacks on citizens under the guise of campaign communications.
The Kimsuky/Hidden Cobra APT is going after the commercial sector, according to CISA.
How a retail sector reeling from COVID-19 can lock down its online systems to prevent fraud during the upcoming holiday shopping spike.
Hackers claim to have access to classified information linking the president to the origin of the coronavirus and criminal collusion with foreign actors.
Systems designed by Mottech Water Management were misconfigured and put in place and connected to the internet without password protections.
Amazon notified customers and law enforcement of the insider-threat incident this week.
Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers.
Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication.
With Code42 Incydr, you can keep tabs on when and where your data is going — without restricting where or how your employees want to collaborate and work.
Veracode’s Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.
Android apps packed with malware from the HiddenAds family were downloaded 8 million times from the online marketplace.
Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcoming demise of the once dominant browser.
Ongoing attacks on the wildly popular game Among Us are testing developers’ ability to keep up.
The flaw (CVE-2020-15157) is located in the container image-pulling process.
Cybercriminals have already reportedly posted the details of 300 Vastaamo patients – and are threatening to release the data of others unless a ransom is paid.
Multiple chicken diners said their usernames and passwords were stolen and the accounts used to place high-volume orders.
The latest in a flurry of actions this week, tied to foreign threats against U.S. computer systems, includes sanctions by the Department of the Treasury.
The COVID-19 pandemic, coupled with an explosion in the number of connected devices, has led to a swelling in IoT infections observed on wireless networks.
An investigation showed a custom backdoor RAT and the Emotet trojan in the networks of municipal victims of the attacks.
There are many areas of the election process that criminal hackers can target to influence election results.
With Election Day approaching, local governments need to be prepared for malware attacks on election infrastructure.
Dr. Reddy’s, the contractor for Russia’s “Sputnik V” COVID-19 vaccine and a major generics producer, has had to close plants and isolate its data centers.
Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.
Sopra Steria hit with cyber attack that reportedly encrypted parts of their network on Oct. 20 but has remained mostly mum on details.
Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams.
Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.
Messages that threaten people to ‘vote for Trump or else’ are part of foreign adversaries’ attempts to interfere with the Nov. 3 election, according to feds.
The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.
The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.
Over half of the flaws in Oracle’s quarterly patch update are remotely exploitable without authentication; two have CVSS scores of 10 out of 10.
The ransomware gang claims to have bought network access to the bookseller’s systems before encrypting the networks and stealing “financial and audit data.”
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.
The memory-corruption vulnerability exists in the browser’s FreeType font rendering library.
Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts.
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks – including a recent strike on a half-million Facebook users.
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.
Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth.
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.
With Stanford research showing that nearly half of the U.S. labor force is now working from home full-time, insider threats are a much more difficult problem.
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
“Nuke Bizzle” faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, “EDD.”
DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Olympics cyberattacks.
The espionage tool masquerades as legitimate applications and robs victims blind of their data.
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.
In both cases, cybercriminals claim to have reams of information for the popular gaming titles.
The shift to remote working spurred Microsoft and Amazon to the top of the heap for cybercriminals to use as lures in the third quarter.
Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams — all with the same infrastructure.
The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.
Google’s Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden’s presidential campaign.
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.
In-game features of the just-released FIFA 21 title give scammers easy access to its vast audience.
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.
Companies that use Broadvoice’s cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.
Customers’ lists of book purchases along with email addresses and more could have been exposed during a (ransomware?) attack — and that’s a problem.
Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.
Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.
BEC fraudsters now have bases of operation across at least 39 countries and are responsible for $26 billion in losses annually — and growing.
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.
The Iranian hacker group is targeting universities in 12 countries.
The Clop ransomware has become a tool of choice for the financially motivated group.
Intel’s addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD’s Secure Memory Encryption (SME) feature.
Intel and Google are urging users to update the Linux kernel to version 5.9 or later.
Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on Russian-language hacker forum after a ransomware attack.
There were 11 critical bugs and six that were unpatched but publicly known in this month’s regularly scheduled Microsoft updates.
Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.
The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.
The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.
Cybercriminals are chaining Microsoft’s Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.
The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more.
Microsoft and partners went after the botnet using a copyright infringement tactic and hunting down C2 servers.
Bad actors are leveraging legitimate services and tools within Microsoft’s productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.
Network access to various industries is being offered in underground forums at as little as $300 a pop – and researchers warn that ransomware groups like Maze and NetWalker could be buying in.
Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.
The malware also has a unique machine-learning module.
Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports — which will dictate new bonus percentages.
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.
Collectively, 240 fraudulent Android apps — masquerading as retro game emulators — account for 14 million installs.
Three high-severity flaws exist in Cisco’s Webex video conferencing system, Cisco’s Video Surveillance 8000 Series IP Cameras and Identity Services Engine.
The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices.
Two flaws in Microsoft’s cloud-based Azure App Services could have allowed server-side request forgery (SSRF) and remote code-execution attacks.
A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aims to make Prime Day a field day for hackers.
The newly discovered APT specializes in espionage campaigns against industrial holdings — a rare target for spyware.
CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities.
The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416).
Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.
Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users.
Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia.
The upcoming deadlines for applying for coronavirus relief are the lure for a phish that gets around email security gateways by using a legitimate SharePoint page for data-harvesting.
Researchers disclosed the ‘WarezTheRemote’ attack, affecting Comcast’s XR11 voice remote control.
At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren’t a ‘silver bullet’ for security teams.
Smart sex toy vulnerable to hacks, researchers say — which could expose users’ most sensitive bits (of data) to cybercriminals.
The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.
The fileless attack uses a phishing campaign that lures victims with information about a workers’ compensation claim.
A researcher claims that the issue can be exploited by attackers in order to gain root access.
Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.
The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.
AgentTesla, LimeRAT, W3Cryptolocker and Redline Stealer are now using Paste.nrecom in spear-phishing attacks.
The MosaicRegressor espionage framework is newly discovered and appears to be the work of Chinese-speaking actors.
A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.
The two alleged leaders of Team Xecuter targeted popular consoles like the Nintendo Switch, the Sony PlayStation Classic and Microsoft Xbox.
The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company.
Phishing emails tell recipients that their voter registration applications are incomplete – but instead steal their social security numbers, license data and more.
Account takeover fraud (ATO) attacks are on the rise, up nearly 300 percent since last year.
Financial institutions, cyber-insurance firms, and security firms have all been put on notice by the U.S. Department of the Treasury.
Eleven different malware families are coordinating on distribution, features, geo-targeting and more.
Facebook detailed an ad-fraud cyberattack that’s been ongoing since 2016, stealing Facebook credentials and browser cookies.
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.
Hundreds of U.S. organizations on Thursday received emails purporting to come from the Democratic National Committee, in a new politically charged Emotet spear-phishing attack.
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.
Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page.
Federal prosecutors charged two men with crimes that carry up to 20 years in prison.
Researchers say that the campaign sidesteps end user detection and security solutions.
In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more.
The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion.
The cybercrooks spread the COVID-19 relief scam via Telegram and WhatsApp, and ultimately harvest account credentials and even pics of IDs.
Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable.
The familiar ‘safe browsing’ padlock is now passé as a signal of trust, since a majority of phishing sites use HTTPS too.
The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged.
Botnets and IoT devices are forming a perfect storm for IT staff wrestling with WFH employee security.
A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.
Threatpost’s latest poll probes telehealth security risks and asks for IT cures.
Researchers warn of emails pretending to help business employees upgrade to Windows 10 – and then stealing their Outlook emails and passwords.
FinSpy has returned in new campaigns targeting dissident organizations in Egypt – and researchers uncovered new samples of the spyware targeting macOS and Linux users.
The Ryuk ransomware is suspected to be the culprit.
September saw dozens of Joker malware variants hitting Google Play and third-party app stores.
Twitter has fixed a caching issue that could have exposed developers’ API keys and tokens.
Four leading voices in the bug bounty community answer frequently asked questions from bounty hunters, companies and curious cybersecurity professionals.
The client’s default configuration for SSL-VPN has a certificate issue, researchers said.
The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.
Privacy fears are blasting off after Amazon’s Ring division unveiled the new Always Home Cam, a smart home security camera drone.
An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.
The attack featured a unique multistage malware strain and a likely Pulse Secure VPN exploit.
Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software.
Convincing SMS messages tell victims that they’ve been selected for a pre-release trial for the soon-to-be-launched device.
A new ‘fork’ of the Cerberus banking trojan, called Alien, targets victims’ credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.
A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability.
Credential abuse drives illicit market for in-game rare skins, special weapons and unique tools.
When it comes to patching critical flaws, industrial firms face various challenges – with some needing to shut down entire factories in order to apply updates.
The trojan has seen a big spike in activity since August, the Feds are warning.
The cybercriminal group has plagued firms with ransomware, sent via spear phishing emails with COVID-19 lures, since March.
Google’s new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.
Windows MSI files provide an opening for attackers even though the bug was mostly patched in July.
Microsoft announced a new Security Guide to help cybersecurity professionals more quickly untangle relevant bugs in its monthly security bulletins.
Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3.
The Call of Duty behemoth said that the reports of widespread hacks are false.
A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows.
When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics.
Data exposed included search terms, location coordinates, and device information – but no personal data.
The deadline looms for the U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive ordering federal agencies to patch against the so-called ‘Zerologon’ vulnerability.
Anyone on the same Wi-Fi network can force websites to launch, with no user interaction.
A new Android malware strain has been uncovered, part of the Rampant Kitten threat group’s widespread surveillance campaign that targets Telegram credentials and more.
With no hard evidence of abuse, are bans warranted? The real security concerns will likely come after the ban goes into effect, researchers said in our exclusive roundtable.
Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch.
Enterprise security teams are “drowning in alerts.”
As the pandemic drags on and remote workforces stay remote, zero-trust and other lessons learned should come to the fore.
Maze continues to adopt tactics from rival cybercrime gangs.
Mozi’s spike comes amid a huge increase in overall IoT botnet activity.
The release of iOS 14 and iPadOS 14 brings fixes for 11 bugs, some rated high-severity.
The official app store is taking on spy- and surveillance-ware, along with apps that could be used to mount political-influence campaigns.
Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.
The attack on the Newhall District in Valencia is part of a wave of ransomware attacks on the education sector, which shows no sign of dissipating.
The China-linked threat group RedDelta has been launching cyberattacks against Catholic institutions since May 2020, with activity seen as recently as last week.
More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers.
The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages.
Cynet’s report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute malware in spearphishing attacks.
The ‘BLESA’ flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said.
Social engineering and employee mistakes led to breaches at the Veterans Administration and the National Health Service.
QR code usage is soaring in the pandemic — but malicious versions aren’t something that most people think about.
Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM’s Spectrum Protect Plus data-storage protection solution could enable remote code execution.
Security researchers and U.S. government authorities alike are urging admins to address Microsoft’s critical privilege escalation flaw.
Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.
Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.
A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, possibly the result of a zero-day exploit.
The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering, and targeting mainly election-related organizations.
Attackers check the victims’ Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers.
A cloud misconfiguration at the gaming-gear merchant potentially exposed 100,000 customers to phishing and fraud.
The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.
Cyberattacks have caused several school systems to delay students’ first day back – and experts warn that new COVID-related delays could be the new “snow days.”
New opt-in COVID-19 Exposure Notifications Express systems baked into Apple’s iOS and available on Android need privacy guardrails, say privacy advocates.
The Cynet 360 platform is built on three pillars: Extended Detection and Response (XDR), Response Automation, and Managed Detection and Response (MDR).
The Linux-targeted code can steal phone-call metadata, likely in spy campaigns or for use in VoIP fraud.
The malware has popped up in a targeted campaign and a new infection routine.
The September Android security bulletin addressed critical- and high-severity flaws tied to 53 CVEs overall.
Using a legitimate tool called Weave Scope, the cybercrime group is establishing fileless backdoors on targeted Docker and Kubernetes clusters.
Researchers warn of critical vulnerabilities in a third-party industrial component used by top ICS vendors like Rockwell Automation and Siemens.
The malware can take over common device functions as well as create a phishing page to steal Facebook credentials.
The most concerning of the disclosed bugs would allow an attacker to take over Microsoft Exchange just by sending an email.
The critical Intel vulnerability could allow unauthenticated attackers to gain escalated privileges on Intel vPro corporate systems.
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches.
A new dynamic tool developed by Columbia University researchers flagged cryptography mistakes made in more than 300 popular Android apps.
A researcher discovered a cross-site scripting flaw in Google Maps’ export function, which earned him $10,000 in bug bounty rewards.
The SASE model for remote access and security coupled with Zero Trust can help redefine network and perimeter defenses when a traditional “perimeter” no longer exists.
As IT systems, IoT and operational technology converge, attacks on cyber-physical systems in industrial, healthcare and other scenarios will come with dire consequences, Gartner predicts.
Cybercriminals can use social media in many ways in order to trick employees.
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.
If the social-media behemoth finds a bug in another platform’s code, the project has 90 days to remediate before Facebook goes public.
A phishing campaign uses overlay screens and email ‘quarantine’ policies to steal targets’ Microsoft Outlook credentials.
The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.
An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent.
The Evilnum APT has added the RAT to its arsenal as part of a big change-up in its TTPs.
The NSA argued its mass surveillance program stopped terrorist attacks – but a new U.S. court ruling found that this is not legal, and may have even been unconstitutional.
The technology ministry bans Baidu, WeChat Work, AliPay and 115 other apps for capturing user data and transmitting it to servers outside of the country without authorization.
U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CISA mandate.
That number represents a big uptick over Q1.
KryptoCibule spreads via pirated software and game torrents.
The six malicious apps have been removed from Google Play, but could still threaten 200,000 installs.
Next week, Senior Analyst Dave Gruber of ESG will join cybersecurity company Cynet for a webinar to help companies better understand the promise and realities of emerging XDR technologies.
Multiple flaws in system software that cause errors in packet handling could allow an attacker to consume memory and crash devices.
The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.
Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites.
Some underground forum users said they’re monetizing the information through the State Department’s anti-influence-campaign effort.
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.
While privacy advocates have warned against Ring’s partnerships with police, newly unearthed documents reveal FBI concerns about ‘new challenges’ smart doorbell footage could create for cops.
The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.
The notarized malware payloads were discovered in a recent MacOS adware campaign, disguised as Adobe Flash Player updates.
The Iran-linked APT is targeting Israeli scholars and U.S. government employees in a credential-stealing effort.
More than 2 billion breached Fortnite accounts have gone up for sale in underground forums so far in 2020 alone.
The RCE bug affects versions below 4.4 of the Slack desktop app.
Researchers warn that a phishing scam is targeting Instagram users via direct messages on the app.
A Tesla employee was reportedly approached by a Russian national and asked to install malware on the company’s systems.
Complaint details collaboration with China to funnel $250m in stolen funds as part of state-sponsored attacks.
Former Cisco employee Sudhish Kasaba Ramesh admitted to accessing Cisco’s cloud infrastructure and deleting 16,000 Webex Teams employee accounts.
While privacy experts praised Apple’s upcoming iOS 14 updates, Facebook said the new features could cut its advertising business in half.
Magecart’s successes have led to threat actors actively advertising ‘sniffers’ that can be injected into e-commerce websites in order to exfiltrate payment cards.
Malicious attachments continue to be a top threat vector in the cybercriminal world, even as public awareness increases and tech companies amp up their defenses.
New version of trojan is spreading fast and already has claimed 100,000 victims globally, Check Point has discovered.
Nine bugs were patched, eight of which are rated ‘high’ severity.
The popular Autodesk software was exploited in a recent cyberespionage campaign against an international architectural company.
Threat actors are becoming increasingly sophisticated in launching disinformation campaigns – and staying under the radar to avoid detection from Facebook, Twitter and other platforms.
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on.
Researchers have unearthed more vulnerabilities in Microsoft’s IoT security solution.
A Polish security researcher unveiled a flaw in a cross-browser sharing API that could allow attackers to steal user files.
The North Korean-linked APT’s latest campaign shows that it is shifting focus to target the cryptocurrency and financial verticals.
With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as the biggest problem areas.
The high-severity flaw, which was patched in the latest version of Google’s Chrome browser, could allow code execution.
The recent Dharma campaign by Iran-linked script kiddies shows that the ransomware is being spread not just by sophisticated, state-sponsored actors anymore.
APIs make your systems easier to run — and make it easier for hackers, too.
The university said that it paid $457,000 to retrieve a decryption key after a ransomware attack encrypted student and faculty data on its servers.
Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers.
Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more.
Joseph Sullivan allegedly paid $100,000 to the hackers responsible for a 2016 data breach, which exposed PII of 57 million passengers and drivers.
The lawsuit alleged that the IBM-owned Weather Channel mobile app did not let users know it was selling their geolocation data.
The group has added a management console and a USB worming function to its main malware, Crimson RAT.
The unscheduled security update addresses two “important”-severity flaws in Windows 8.1 and Windows Server 2012.
The proposed law comes as police departments around the country come under scrutiny for their use of facial recognition to identify allegedly violent Black Lives Matter protesters.
Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure.
A low-privileged process on a vulnerable machine could allow data harvesting and DoS.
A patch has been issued for the flaw in a widely-used module, and researchers are urging IoT manufacturers to update their devices ASAP.
The unique, advanced worming P2P botnet drops backdoors and cryptominers, and is spreading globally.
Up to 61 percent of International Air Transport Association (IATA) member airlines do not publish a DMARC record.
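A DMARC record is a TXT record at `_dmarc.<domain>`, and “not publishing one” is only the weakest case: a record with `p=none` or a low `pct=` is also unenforced. The parser below is an added example (not code from the original article or from IATA) that takes such a record and grades its policy; the domain names and records in `SAMPLE_RECORDS` are constructed, and the DNS lookup that would normally feed them is deliberately left out so it runs offline.

```python
"""Parse DMARC TXT records and grade how much spoofing protection they give.

Added illustration, not from the original page. SAMPLE_RECORDS holds
constructed records for made-up domains; a real audit would fetch the TXT
record at _dmarc.<domain> (for example with dnspython) and pass it in.
"""
from typing import Dict, Optional

# Constructed sample answers to "TXT _dmarc.<domain>" (assumptions, not real DNS).
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "none.example": None,  # nothing published at _dmarc.none.example
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example; adkim=s; aspf=s",
    "broken.example": "v=spf1 include:_spf.example ~all",  # an SPF record, not DMARC
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: Optional[str]) -> Optional[Dict[str, str]]:
    """Return a tag -> value dict for a DMARC record, or None if it is not one.

    RFC 7489 requires the record to start with v=DMARC1 and to carry a p= tag.
    Tags are separated by ';'; whitespace around tags and values is ignored.
    """
    if not record:
        return None
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None  # malformed tag, treat the record as unusable
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags


def grade(record: Optional[str]) -> str:
    """Classify a record: missing, invalid, monitor-only, partial, or enforced."""
    tags = parse_dmarc(record)
    if tags is None:
        return "missing"  # no usable DMARC policy: receivers treat mail as if none existed
    policy = tags["p"].lower()
    if policy not in VALID_POLICIES:
        return "invalid"
    if policy == "none":
        return "monitor-only"  # reports only; spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid"
    if pct < 100:
        # Only pct% of failing mail gets the stated policy; the rest falls back.
        return f"{policy} (partial, pct={pct})"
    return policy


def audit(records: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Grade every domain and return domain -> grade."""
    return {domain: grade(rec) for domain, rec in records.items()}


def share_unenforced(records: Dict[str, Optional[str]]) -> float:
    """Fraction of domains whose DMARC gives no enforcement at all (missing, invalid, p=none)."""
    grades = audit(records).values()
    weak = sum(1 for g in grades if g in ("missing", "invalid", "monitor-only"))
    return weak / len(records) if records else 0.0


if __name__ == "__main__":
    for domain, result in audit(SAMPLE_RECORDS).items():
        print(f"{domain:18} {result}")
    print(f"unenforced: {share_unenforced(SAMPLE_RECORDS):.0%}")
```

The grading deliberately lumps `p=none` together with a missing record, because both leave spoofed mail deliverable; only `quarantine` or `reject` at `pct=100` actually stops it.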
Researchers reveal technology called SpiKey that can ‘listen’ to the clicks a key makes in a lock and create a duplicate from the sounds.
A recently uncovered, active campaign called “Duri” makes use of HTML smuggling to deliver malware.
Vulnerability management continues to challenge businesses, as they face tens of thousands of bugs with every scan.
The malware harvests AWS credentials and installs Monero cryptominers.
Juniper identifies phishing campaign targeting business customers with malware using password protection, among other techniques, to avoid detection.
A researcher developed a killswitch exploiting a buffer overflow in Emotet – preventing the malware from infecting systems for six months.
The REvil ransomware and savvy phone scammers have exposed sensitive information.
The Canada Revenue Agency (CRA) suspended online services after accounts were hit in a third wave of credential stuffing attacks this weekend – giving bad actors access to various government services.
Researchers have discovered freely available PoC code and an exploit that can be used to attack unpatched security holes in Apache Struts 2.
The XCSSET suite of malware also hijacks browsers, has a ransomware module and more — and uses a pair of zero-day exploits.
The recently patched flaws could be abused by unauthenticated, remote attackers to take over vulnerable websites.
The consumer-electronics giant reportedly suffered partial outages across its U.S. website and internal systems, thanks to the Maze gang.
The photo-sharing app retained people’s photos and private direct messages on its servers even after users removed them.
A never before seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory.
The APT is becoming more sophisticated over time.
The video-conferencing specialist has yet to roll out full encryption, but it says it’s working on it.
Fortinet’s recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 – and what that means for cybercrime.
Rare attack on cellular protocol exploits an encryption-implementation flaw at base stations to record voice calls.
The cross-site scripting flaw could enable arbitrary code execution, information disclosure – and even account takeover.
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.
Citrix said that it anticipates malicious actors “will move quickly to exploit” two critical flaws in its mobile device management software.
The app concealed the practice of gathering unique device identifiers using an added layer of encryption.
The RAT is surging in 2020, becoming more prevalent than even the infamous TrickBot or Emotet malware.
One of the two zero-day bugs is rated ‘critical’ and is classified as a remote code-execution bug impacting Microsoft’s Internet Explorer.
A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules.
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader.
The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities.
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Three separate proofs-of-concept, in Bash, Python and Ruby, have been posted that bypass the fix issued last year for a pre-auth RCE bug.
Google Home devices reportedly recorded noises even without the “Hey Google” prompt due to the inadvertent rollout of a home security system feature.
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
Attacks were way up year-over-year in the second quarter as people continue to work from home.
Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims’ passwords.
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impact nearly half of Android handsets.
Legacy applications don’t support modern authentication — and cybercriminals know this.
Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.
Chipmaker investigates a leak of intellectual property from its partner and customer resource center.
Appropriate use of native security controls in AWS and other CSPs is fundamental to managing cloud risk and avoiding costly breaches.
An inside look at how nation-states use social media to influence, confuse and divide — and why cybersecurity researchers should be involved.
Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed.
Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.
Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches.
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft’s malicious macros protections to infect MacOS users.
Black Hat 2020 session discusses how high-wattage connected devices like dishwashers and heating systems can be recruited into botnets and used to manipulate energy markets.
Government hopes to avoid interference in the upcoming November presidential vote with a hefty reward.
The groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo.
Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020.
A vulnerability in Twitter for Android could have allowed attackers to access private direct messages (DMs) and other data.
Voting Village security celeb Matt Blaze delves into the logistics of scaling up mail-in voting ahead of November’s election.
The explosion of open-source AI models are lowering the barrier of entry for bad actors to create fake video, audio and images – and Facebook, Twitter and other platforms aren’t ready.
Google addressed high-severity and critical flaws tied to 54 CVEs in this month’s Android security bulletin.
An attacker can hide amidst legitimate traffic in the application’s update function.
The agency known for its own questionable surveillance activity advised how mobile users can limit others’ ability to track where they are.
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return, and how a cyber vigilante is attempting to thwart the malware’s comeback.
The ransomware has surged since moving to a RaaS model.
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.
The potential FTC fine comes after Twitter last year acknowledged that user emails and phone numbers were being used for targeted advertising.
COVID-19 pandemic spurs spoofing preference changes, plus a surge in email-based attacks.
Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the differing priorities between IT and OT security teams as industrial control systems become connected.
Starting Sept. 1, Google will crack down on misinformation, a lack of transparency and the ability to amplify or circulate politically influential content.
Almost two months after a high-severity flaw was disclosed – and seven months after it was first reported – Netgear has yet to issue fixes for 45 of its router models.
The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.
Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup “Groups.”
The flaws have been confirmed by Grandstream, but no firmware update has yet been issued.
Three have been charged in alleged connection with the recent high-profile Twitter hack – including a 17-year-old from Florida who is the reported “mastermind” behind the attack.
The corporate-travel leader has confirmed an attack that knocked systems offline.
Researchers uncovered a disinformation campaign aiming to discredit NATO via fake news content on compromised news websites.
Hackers “mislead certain employees” to gain access to internal tools to take over high-profile accounts and push out a Bitcoin scam.
Threatpost editors break down the top themes, speakers and sessions to look out for this year at Black Hat 2020 – from election security to remote work and the pandemic.
Zoom has fixed the issue, which stemmed from a lack of checks against incorrect passcode attempts.
The malware is a new payload that uses Dogecoin wallets for its C2, and spreads via the Ngrok botnet.
The flaw could allow a remote, unauthenticated attacker to bypass authentication on vulnerable devices.
A vulnerability in the state’s system may have exposed personal data that can be used for credential theft for those who filed Property Transfer Tax returns online.
Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform.
The “BootHole” bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks.
Gear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn.
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.
Algorithms clocked error rates of between 5 and 50 percent when comparing photos of people wearing digitally created masks with unmasked faces.
Attackers could have exploited various flaws in OkCupid’s mobile app and webpage to steal victims’ sensitive data and even send messages out from their profiles.
A new ransomware, VHD, was seen being delivered by the nation-state group’s multiplatform malware platform, MATA.
Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2020.
A path traversal vulnerability in the iDRAC technology can allow remote attackers to take over control of server operations.
Researchers can earn up to $100,000 for finding vulnerabilities in Microsoft’s revamped Windows Insider Preview bug bounty program.
Attackers are exploiting a high-severity vulnerability in Cisco’s network security software products, which is used by Fortune 500 companies.
The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.
The DJI GO 4 application opens users’ sensitive data up for the taking, researchers allege.
Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns.
Threatpost editors talk about the biggest security news stories for the week ended Jul. 24.
Twenty-nine bad mobile apps with a combined 3.5 million downloads bombard users with out-of-context ads.
The flaw exists in Cisco’s network security Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software.
Garmin’s consumer and commercial aviation services, websites and customer service have all been rendered unavailable.
COVID-19 has changed the face of cybercrime, as the latest malware statistics show.
The two flaws allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router.
Privacy commissioners worldwide urged video conferencing providers like Microsoft, Cisco and Zoom to adopt end-to-end encryption, two-factor authentication and other security measures.
A Dutch elected official is among those whose DMs were hijacked, the company said.
The RDAT tool uses email as a C2 channel, with attachments that hide data and commands inside images.
Apple’s Security Research Device program is now open to select researchers – but some are irked by the program’s vulnerability disclosure restrictions.
The North Korean APT has been using the framework, called MATA, for a number of purposes, from spying to financial gain.
An Android spyware attack was recently discovered that targeted the Uyghur ethnic minority group – since 2013.
An exposed ElasticSearch server belonging to Software MacKiev put 60,000 users of the Family Tree Maker software at risk.
Emotet has resurfaced after a five-month hiatus, with more than 250,000 malspam messages being sent to email recipients worldwide.
Chris Vickery talks about his craziest data breach discoveries and why “vishing” is the next top threat no one’s ready for.
Adobe issued out-of-band patches for critical flaws tied to 12 CVEs in Photoshop and other applications.
The company warned that cybercriminals are using a black box with proprietary code in attacks to illegally dispense cash across Europe.
A federal judge in California ruled that the spyware vendor does not have sovereign immunity.
Four trojanized cryptocurrency trading apps have been found spreading malware that drains cryptocurrency wallets and collects Mac users’ browsing data.
Password management tools and apps can help ease the pain of passwords, but even those don’t totally solve all of the password challenges all of the time.
Fewer than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that's under active exploit.
With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.
An emergency directive orders some federal agencies to apply Microsoft’s patch for a critical DNS vulnerability by Friday, July 17 at 2 p.m. (ET).
Companies should forget about auditing where data resides and who has access to it.
The Russia-linked APT29 has set its sights on pharma research in Western nations in a likely attempt to get ahead on a cure for coronavirus.
An attacker could pose as a company employee, invite customers or partners to meetings, then use socially engineered conversation to extract sensitive information.
A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.
CryptBB becomes more inclusive by inviting less experienced hackers to learn from expert cybercriminals and one another.
BlackRock, based on the Xerxes source code, can steal info not only from financial apps but also TikTok, Tinder, Instagram, Uber and many others.
The Twitter accounts of Bill Gates, Elon Musk, Joe Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts.
Four sophisticated malware families are ramping up their techniques and actively spreading to new countries, including the U.S.
Sectors such as Education (47%), Energy (40%) and Public Administration (37%) have struggled to implement the TLS 1.2 protocol.
Eighteen critical bugs, impacting Windows Server, Office and Outlook, were fixed as part of the patch roundup.
Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.
The software giant released patches for four critical vulnerabilities across five different platforms.
As colleges and universities prepare for the fall semester, email protections against surging threats like BEC and phishing are lagging.
Cybercriminals know that mobile devices are less secure, so it’s no surprise that last year Verizon found that 4 in 10 companies were breached through a mobile device.
Last summer’s data leak at the hotel chain appears to be far more expansive than previously thought — or the credentials could come from a hack of DataViper.
Exploitation of the bug can allow an attacker to lift sensitive information, delete files, execute code, carry out sabotage and more.
A data-stealing module in a recent sandboxed sample triggers browser-based fraud alerts for Trickbot victims — and shows something of the inner working of the malware’s operators.
Traditional financial crime and cyberattacks are converging, requiring new skills and approaches to the problem, officials said.
A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.
Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.
From an operational standpoint, the foundation of CARTA starts with an assessment and then building the zero-trust principles on top of that with an adaptive security model.
A researcher warns that the highly rated Kasa family of security cameras has bugs that give hackers access to private video feeds and settings.
Starting in August, Google is banning ads for products or services promoting stalkerware.
Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.
Application-based attacks that use the passwordless “log in with…” feature common to cloud services are on the rise.
Researchers said that the issue is only exploitable on Windows 7 and earlier.
A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.
The server contained almost 270 gigabytes of data collected from 200 police departments, law enforcement training and support resources and fusion centers.
Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.
Thousands of vulnerable websites need to apply the patch to avoid RCE.
The Kazakh native made headlines last year for hacking McAfee, Symantec and Trend Micro; but the Feds say he’s also behind a widespread backdoor operation spanning six continents.
The phishing campaign targeted Office 365 accounts in 62 countries, using business-related reports and the coronavirus pandemic as lures.
Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.
The Nigerian native has been extradited from Dubai after a string of over-the-top Instagram posts.
Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months.
The Cerberus malware can steal banking credentials, bypass security measures and access text messages.
Admins should patch their Citrix ADC and Gateway installs immediately.
A campaign discovered by Malwarebytes Labs in mid-April has lifted credentials from a number of e-commerce portals.
Dr. Jesus Molina, director of Industrial IOT with Waterfall Security Solutions, discusses the security challenges facing rail networks and systems.
Researchers warn that Cosmic Lynx targets firms that don’t use DMARC and uses a “mergers and acquisitions” pretext that can lead to large sums of money being stolen.
Researchers say that 14.8 percent of Android users who were targeted with mobile malware or adware last year were left with undeletable files.
Security experts and U.S. Cyber Command are urging admins to patch a critical flaw in F5 Networks products, which is under active attack.
North Korea-based APT is targeting online payments made by American and European shoppers.
Two exploits for Microsoft vulnerabilities have been added to the Purple Fox EK, showing ongoing development.
Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
Four-year investigation shuts down EncroChat and busts 746 alleged criminals for planning murders, selling drugs and laundering money.
Amazon has placed a moratorium on police use of its facial recognition platform – but a congressman asked if that extends to its Ring smart doorbell in a new inquiry.
Even so, backdoors and droppers are rare in the wild.
Several vulnerabilities can be chained together for a full exploit.
Facebook has fixed a privacy issue that gave developers access to user data long after the 90-day “expiration” date.
New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.
A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches.
The malware is using DNS tunneling to exfiltrate payment-card data.
Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware.
Never-before-seen Android spyware tools have been used in a widespread APT campaign to spy on the Uyghur ethnic minority group since 2013.
The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.
Verizon Media has paid nearly $10 million to ethical hackers via HackerOne’s platform.
A rare, new Mac ransomware has been discovered spreading via pirated software packages.
The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis.
UCSF has paid more than $1 million after a ransomware attack encrypted data related to “important” academic research on several servers.
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.
More employees working remotely most likely means an increased reliance on cloud services and applications.
An anonymous bidding mechanism enhances the REvil group’s double-extortion game.
Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.
Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.
The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.
The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.
Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.
The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.
The creator of the Satori/Okiru, Masuta and Tsunami/Fbot botnets has been sentenced to prison for compromising hundreds of thousands of devices.
The app will stop reading users' device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.
Lawmakers proposed a new bill that would ban the use of facial recognition by law enforcement nationwide.
A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability.
Several high-severity flaws in Nvidia’s GPU display drivers for Windows users could lead to code-execution, DoS and more.
Threat actors shift focus from COVID-19 to employee coronavirus training and current events like Black Lives Matter as cyber-attacks continue to rise.
The CryCryptor malware strain is a brand-new family of threats, leveraging COVID-19 to spread.
A new devilish malware is targeting Windows systems with cryptojacking and DDoS capabilities.
The Lawful Access to Encrypted Data Act is being decried as “an awful idea” by security experts.
An open letter signed by experts in the field from MIT, Microsoft and Google aims to stop the 'tech to prison' pipeline.
Attackers are compromising large companies with the Cobalt Strike post-exploitation tool, and then deploying the Sodinokibi ransomware.
Remote work is opening up new insider threats – whether it’s negligence or malicious employees – and companies are scrambling to stay on top of these unprecedented risks.
Recent spearphishing emails spread the Hakbit ransomware using malicious Microsoft Excel attachments and the GuLoader dropper.
A recent DivvyCloud survey found that in 2019, a majority of respondents reported being in the final optimization stages of their cloud journey, with 59% indicating they are in the DevOps Optimization stage (an 11% increase from 2018).
Organizations sent workers home during COVID-19 lockdown without adequate security preparation.
DDoSecrets has published data from over 200 police departments, law enforcement training and support resources and fusion centers.
Adobe will prompt Flash Player users to uninstall the application before the Dec. 31, 2020 end of life date hits.
AMD has fixed one high-severity vulnerability affecting its client and embedded processors; fixes for the other two will come out later in June.
A former Defense Intelligence Agency analyst leaked classified information to two journalists – one of whom he was dating – shedding light on insider threats.
Insider threats, the CIA’s bad security policies, and malicious Chrome extensions were the topics of discussion during this week’s news wrap podcast.
An unpatched vulnerability in the web server of the device's firmware gives attackers root privileges, researchers said.
Trojan Chrome browser extensions spied on users and maintained a foothold on the networks of financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals and government organizations.
Facebook will report its privacy practices to the committee, the FTC and a third-party assessor.
The malware has boosted its anti-detection capabilities in a new email campaign.
High-severity flaws plague Cisco’s Webex collaboration platform, as well as its RV routers for small businesses.
The June campaign was targeted and aimed at stealing online banking credentials.
Darren James, product specialist with Specops Software, warned that password resets, for example, are a particularly vexing issue for sysadmins, as they can often lock end users out of their accounts.
Attackers use trusted entities to trick victims into giving up their corporate log-in details as well as to bypass security protections.
InvisiMole is back, targeting Eastern Europe organizations in the military sector and diplomatic missions with an updated toolset and new APT partnership.
A “very rare” malware has been used by an unknown threat actor in cyberattacks against two different Russian organizations in 2017.
The beautiful game is back on the pitch in the U.K. — and cyberattackers will be looking to take advantage of fans streaming the games.
Spreading via poisoned Google search results, this new version of Mac’s No. 1 threat comes with added stealth.
Microsoft report offers insight on how threat actors exploited COVID-19 across the globe.
Game theory has been used in cybersecurity to model the nature of a cyber incident, where network defenders, attackers and users interact with each other and produce an outcome.
A recent malware campaign targeted victims at European and Middle East aerospace and military companies – via LinkedIn spear-phishing messages.
The 12-year-old malware is still dangerous, sporting advanced evasion techniques.
Critical vulnerabilities were patched in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition.
An internal investigation into the 2016 CIA breach condemned the agency’s security measures, saying it “focused more on building up cyber tools than keeping them secure.”
The vulnerabilities affect everything from printers to insulin pumps to ICS gear.
According to industry analyst firm Gartner, as many as one-third of successful attacks on enterprises target data that are housed in unsanctioned IT resources.
This removal, of 32K accounts, is not the first time Twitter has taken action to protect its users from influence operations. Researchers weighed in on the practice with Threatpost.
Intel’s Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks.
Researchers find six bugs in consumer D-Link DIR-865L Wireless AC 1750 Dual Band Cloud Router.
The Magecart group targeted the tween accessories specialist starting the day after it shuttered its retail locations due to coronavirus.
A new hack allowed researchers to discern sound — including “Let it Be” by the Beatles, and audio from a Donald Trump speech — from lightbulb vibrations.
The need to make rapid business decisions, deliver solutions that meet customer needs, provide continuous uninterrupted service and adapt quickly to shifting priorities has driven the integration of IT and OT through IoT.
The ransomware attack hit the Tennessee city of Knoxville this week, causing disruptions in various services.
Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments and pushing for federal laws to regulate the technology.
Researchers warn that the Earth Empusa threat group is distributing the spyware by injecting code into fake and watering-hole pages.
Malspam emails are claiming to deliver a survey on BLM — but in reality they deliver the infamous banking trojan.
The Gamaredon APT has started using a new VBA macro to target Microsoft Outlook victims’ contact lists.
Misconfigured dashboards are at the heart of a widespread XMRig Monero-mining campaign.
Contact tracing apps for the coronavirus are being developed and tested globally as the world starts to re-open. Are the apps worth using to flatten the curve? Or do data privacy worries trump public health?
Because remote workers’ devices are all connected to a home network, they don’t even need to be attacked directly. Instead, attackers have multiple avenues of attack that can be exploited.
The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American energy company, researchers said.
Two critical flaws in Intel AMT, which could enable privilege escalation, were patched along with 20 other bugs in its June security update.
The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board.
Thanos is the first ransomware family to feature the weaponized RIPlace tactic, enabling it to bypass ransomware protections.
The June Patch Tuesday update included CVEs for 11 critical remote code-execution vulnerabilities and concerning SMB bugs.
The FlowCloud modular remote-access trojan (RAT) has overlaps with the LookBack malware.
Critical Adobe Flash Player and Framemaker flaws could enable arbitrary code execution.
Thousands of journalists, advocacy groups and politicians worldwide were targeted by Dark Basin.
Thousands have signed a petition that underscores data privacy issues with Singapore’s newly announced contact-tracing wearable, in development.
The release of a PoC for the Windows flaw known as “SMBGhost” could set off cyberattack waves, CISA warned.
More than 100 executives at a multinational company that's part of a German task force for creating coronavirus protective gear were targeted in an ongoing phishing attack.
The one cyber risk that governments are much better at controlling than we are is insider threats. Governments have been dealing with people threats for centuries and have powerful tools at their disposal for such investigations.
Children’s app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.
Threatpost editors discuss debunked reports of a Minneapolis police department breach and Zoom announcing only paying users would get end-to-end encryption.
A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users.
To fly under the radar, the newly discovered ransomware is compiled into a Java image file format that’s rarely used by developers.
Google TAG researchers warn that APTs are targeting campaign staffers for both Donald Trump and Joe Biden with phishing emails.
Business email compromise (BEC) attacks represent a small percentage of email attacks, but disproportionately represent the greatest financial risk.
The end-to-end encryption feature will not be offered to free users, Zoom’s CEO said, in case Zoom needed to comply with federal and local law enforcement.
Westech International provides maintenance for the Minuteman III nuclear-missile program and runs programs for multiple branches of the military.
A $5 billion class-action lawsuit filed in a California federal court alleges that Google’s Chrome incognito mode collects browser data without people’s knowledge or consent.
Researchers are warning of spear-phishing emails with CV lures that spread the ZLoader malware, which steals banking credentials from victims.
The newly discovered USBCulprit malware is part of the arsenal of an APT known as Cycldek, which targets government entities.
An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.
The stealthy backdoor is delivered via mass-market phishing emails that are well-crafted to appear convincing.
Researchers warn of critical flaws in SAP’s Sybase Adaptive Server Enterprise software.
A 37 percent increase from Q4 2019 to Q1 2020 is attributed to the creation of a remote workforce under COVID-19 stay-at-home orders.
Full backup copies of the website, including all user data, were exposed for 2,700 JRD users.
Google and Qualcomm both addressed significant vulnerabilities in their June updates.
Cisco has patched a high-severity flaw that could lead to denial-of-service attacks on its Nexus switch lineup.
At least 26 different open-source code repositories were found to be infected with an unusual attack on the open-source software supply chain.
The zero-day vulnerability tracked as CVE-2020-9859 is exploited by the "unc0ver" jailbreak tool released last week.
DivvyCloud discusses the changing nature of identity access management (IAM) – and what kind of challenges and opportunities that is creating for businesses.
Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims’ third-party applications.
Troy Hunt said that the supposed data breach perpetrated by Anonymous is most likely a hoax.
Database of sensitive info, including emails and passwords, from owners of Daniel’s Hosting portals could be incriminating.
Ongoing spear-phishing attacks aim at stolen Windows credentials for ICS suppliers worldwide.
Attackers managed to compromise NTT Communications' Active Directory server and a construction information management server.
The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability.
Google TAG report reveals that “hack for hire” firms are tapping into the coronavirus pandemic via WHO phishing lures.
Watchdog group said company has violated the Illinois BIPA and ‘will end privacy as we know it’ without intervention.
The DDoS group sets itself apart by using exploits — but it doesn’t always pan out.
Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.
The lawsuit, filed against Google by Arizona’s Attorney General, alleges that the tech giant uses “deceptive and unfair conduct” to obtain users’ location data.
Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking.
Phishing campaigns targeting enterprises in U.S. and Germany have been used to nab enterprise mailing info, passwords and certificates.
The latest campaign spread malware via pirate gaming portals.
The new malware family was seen pretending to be an official Italian app, called Immuni.
Passwords and other credentials have been listed on Have I Been Pwned as attack rumors circulate.
A malicious app installed on a device can hide behind legitimate apps.
An updated version of the ComRAT malware was discovered in attacks on governmental targets.
Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.
Even seeing data breaches in the news, more than half of consumers are still reusing passwords.
A lack of awareness about where and how open-source libraries are being used is problematic, researchers say.
Attackers used malicious Excel 4.0 documents to spread the weaponized NetSupport RAT in a spear-phishing campaign.
The meal-kit company’s customer records were leaked as part of the Shiny Hunters breach.
An investigation traces an NSO Group-controlled IP address to a fake Facebook security portal.
Government and air transportation companies in Kuwait and Saudi Arabia were targeted in a recent attack tracked back to the Chafer APT.
Looking for niche anomalies in an automated way with AI and machine learning is the future.
Cisco has fixed a critical remote code-execution flaw in its popular customer interaction management solution.
The malware-as-a-service is advanced, obfuscated and modular — and built for mass campaigns.
Cybercriminals are hunting for victims' Office 365 credentials by dishing out Supreme Court "summons" in a phishing attack.
Cybercriminals are taking advantage of the Google name and the cloud to convince victims into handing over their login details.
The operators behind the Toll Group attack are taking applications for technically advanced partners.
The business email compromise (BEC) gang Scattered Canary has filed more than 200 fraudulent claims for unemployment benefits and for COVID-19 relief funds.
Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year’s Data Breach Investigations Report.
The threat actor known as ‘Sanix’ had terabytes of stolen credentials at his residence, authorities said.
Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended.
The vacation-centric airline is warning victims about social-engineering attacks.
Researchers link the malware to Wolf Research operators with “high confidence” after it was spotted in campaigns targeting Thai users.
A host of unpatched security bugs that allow BIAS attacks affects Bluetooth chips from Apple, Intel, Qualcomm, Samsung and others.
A critical remote code execution flaw in Adobe Character Animator was fixed in an out-of-band Tuesday patch.
The attack discovered by Cofense can steal sensitive user data stored on the cloud as well as find other victims to target.
Denial of Service (DoS), ransomware, and financially-motivated data breaches were the winners in this year’s Verizon DBIR.
A group of four people calling themselves “Pentaguard” were arrested in house raids.
ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection.
A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers.
The fast-moving botnet has added an exploit for an unpatched bug in an unsupported version of the security gateway.
Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.
A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.
Quantum technology, which has been touted as “unhackable,” debuts with Samsung, SK Telecom in a world’s first.
Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to new research.
Descended from the COMPFun RAT, the malware can propagate to removable drives.
A group of children’s privacy advocates alleged in a recent FTC complaint that TikTok violated an agreement to protect children’s private data.
Microsoft is letting Windows Insiders test-drive the DNS-over-HTTPS protocol in a pre-release build of Windows 10.
“Healthy Together” app uses a raft of location data, including GPS, cell tower triangulation and Bluetooth, to pinpoint users and ID coronavirus hotspots.
BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.
The cross-site scripting vulnerability could have allowed trivial account takeover.
Texas appellate courts and judicial agencies’ websites and computer servers were shut down after a ransomware attack.
Future features include plenty of self-reporting options, and officials’ fears the data could be misused.
The cyber-espionage toolkit is under active development.
Logins, personal information and tax info were all exfiltrated ahead of the ransomware attack, thanks to a phishing email.
The APT’s new cyber-attack tools are laid bare on three-year anniversary of WannaCry.
Cybercriminals used the REvil ransomware to attack a law firm used by the likes of Lady Gaga, Drake and Madonna. Now, they’re threatening to leak the 756 gigabytes of stolen data.
Important-rated EoP flaws make up the bulk of the CVEs; SharePoint continues its critical run with four worrying bugs.
Severe CSRF to XSS bugs open the door to code execution and complete website compromise.
Adobe patched 36 flaws, including critical vulnerabilities in Acrobat and Reader and its DNG Software Development Kit.
Photo print service Chatbooks has disclosed a data breach after customers’ emails, passwords and more were listed for sale on underground forums.
Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices.
The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics.
CVE-2020-9315 and CVE-2020-9314 in iPlanet version 7 will not receive patches.
If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called “Thunderspy.”
The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.
Due to the coronavirus pandemic, there will be no in-person Black Hat USA or DEF CON conferences this year.
The emails, hashed passwords and usernames of 3.5 million users of the dating app MobiFriends were put up for sale on an underground forum.
The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.
Companies are looking to “shift left” with Infrastructure-as-Code (IaC) security capabilities to improve developer productivity, avoid misconfigurations and prevent policy violations.
The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.
Cisco has fixed 12 high-severity flaws in its Adaptive Security Appliance software and Firepower Threat Defense software.
As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22.
Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to steal various U.S. government payouts.
The Chinese APT has been discovered behind a five-year espionage campaign that compromises government servers – and uses that as leverage for other attacks.
The Dacls RAT has been ported from an existing Linux version.
In the Europol-led takedown, police shut down databases with more than 170 million entries.
A three-month Azure Sphere bug-bounty challenge will offer top rewards for compromising Pluton or Secure World within Microsoft’s IoT security suite.
Australian transportation company Toll Group has been hit by the Nefilim ransomware, causing customers to experience delays.
Investment brokers are the target of a new wave of socially engineered phishing attacks, warns FINRA.
Researchers say spear-phishing emails purporting to be from telecom giant EE are being sent to top corporate execs.
Maintaining visibility and availability when you suddenly have a large remote footprint takes planning.
The domain registrar giant said that the breach started in October 2019.
The botnet uses SSH brute-force attacks to infect devices and deploys a custom implant written in Go.
The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week.
Researchers warn that commercial airplane systems can be spoofed, impacting the flight safety of nearby aircraft.
Hackers targeted Ghost on Sunday, in a cryptocurrency mining attack that caused widespread outages.
CVE-2020-2883 was patched in Oracle’s April 2020 Critical Patch Update – but proof of concept exploit code was published shortly after.
No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.
Threatpost editors discuss a phishing attack abusing Microsoft Sway, a Microsoft Teams flaw and an Android spyware campaign unearthed this week.
Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.
Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign, said IBM X-Force.
The “PerSwaysion” attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign.
Researchers say the bugs are easy to exploit and will likely be weaponized within a day.
Lessons from Facebook and Google show how to safely scale your environment for security.
Researchers warn that the EventBot Android malware, which targets over 200 financial apps, could be the “next big mobile malware.”
The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub.
The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.
Cisco’s IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw.
Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks.
Overall bot activity on the web has soared, with a 26 percent growth rate — attacks on applications, APIs and mobile sites are all on the rise.
A GitLab path traversal flaw could allow attackers to read arbitrary files and remotely execute code.
Malicious actors could potentially harvest data over the air and use it to shake confidence in the public-health system, EFF says.
Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network.
Researchers say incidents of mobile malware are becoming more common and growing more sophisticated.
Adobe fixed critical flaws in Illustrator, Magento and Bridge in an out-of-band security update.
The Clop ransomware group has reportedly leaked compromised data of biopharmaceutical company ExecuPharm after a recent cyberattack.
Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.
The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia — and could be the work of the OceanLotus APT.
Several new databases have been uncovered on underground forums sharing recycled Zoom credentials.
Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.
A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing campaign against XG firewalls, using the Asnarok trojan.
More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses.
Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable.
Now patched flaw allowed attacker to take over an organization’s entire roster of Microsoft Teams accounts.
The free online conference, scheduled for April 28-30, will feature top security researchers from across the industry.
Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them.
Nintendo account hacks, two Apple zero days reportedly being exploited in the wild, and the NFL virtual draft were all hot topics in the security space this week.
After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.
Company said there is no evidence that iOS bugs revealed by ZecOps earlier this week were ever used against customers.
Leaked source code for Counter-Strike: Global Offensive and Team Fortress 2 has led to widespread gamer worries about security and cheating.
To pay or not to pay continues to be the question as ransomware targets cities, even amid COVID-19.
Hackers have used credentials allegedly stolen from the WHO, CDC and other notable groups to spread coronavirus misinformation online.
Iran’s Charming Kitten and other nation-state actors are using the coronavirus pandemic to their advantage, for espionage.
Attackers are sending convincing emails that ultimately steal victims’ Skype credentials.
Threat groups are increasingly relying on trojanized apps pretending to be legitimate – such as Skype or Signal – but are really spreading surveillanceware.
The rapidly evolving Hoaxcalls botnet is exploiting an unpatched vulnerability in the ZyXEL Cloud CNM SecuManager in a bid to widen its spread.
Researchers revealed two zero-day security vulnerabilities affecting Apple’s stock Mail app on iOS devices.
Users should update their firmware for three popular smart-home hubs.
The DoppelPaymer ransomware group is claiming that it launched a cyberattack against Torrance – and is now leaking the LA city’s data online.
The flaws exist in Autodesk’s FBX library, integrated in Microsoft’s Office, Office 365 ProPlus and Paint 3D applications.
The SBA said sensitive information about applicants may have been revealed to others applying for disaster loan program funds.
A new Android trojan targets banking customers with overlay attacks to steal their bank credentials and ultimately take over their accounts.
Researchers weigh in on potential security concerns surrounding the 2020 NFL Draft.
Three separate flaws can be chained to achieve full system compromise.
Highly targeted spearphishing emails are being sent to oil and gas companies in hopes of infecting them with the Agent Tesla spyware.
To successfully mitigate evolving attacks, security teams must use the exact same AI tools that create those attacks in the first place.
Research analyzing three months of coronavirus-themed attacks show cybercriminals adjusting threat levels to evolve with pandemic and typical employment trends.
Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March.
Cognizant has confirmed that a Friday evening Maze ransomware attack has disrupted its systems.
Foxit Reader and PhantomPDF are plagued by several high-severity flaws that, if exploited, could enable remote code execution.
Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.
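Typosquatted package names are close to a popular name by a single keystroke: a dropped or doubled letter, two adjacent letters swapped, or an underscore in place of a hyphen. The block below is an added example, not the article's or RubyGems' own code: it scores candidate names against a list of popular gems with optimal string alignment distance (edit distance with adjacent transposition) after folding separators, and reports the near misses. The popular-gem list and the candidate names are constructed for the example; a real check would load the registry's top-N names and run on each new upload.

```python
# Constructed list of names to protect (hypothetical; a real check would pull
# the most-downloaded gems from the registry).
POPULAR_GEMS = ["rails", "nokogiri", "rest-client", "devise", "puma", "rspec", "rubocop"]

# Constructed candidate names to screen (hypothetical; not the gems from the article).
CANDIDATES = ["nokogirl", "rest_client", "resr-client", "pumaa", "devise", "rpsec", "sinatra"]


def osa_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution
    and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def normalize(name):
    """Fold case and separators so rest_client and rest-client compare equal."""
    return name.lower().replace("_", "-")


def typosquat_candidates(name, popular=POPULAR_GEMS, max_distance=1):
    """Return the popular names that `name` is suspiciously close to.
    An exact match is not reported; a match that differs only in case or
    separator is reported as a separator squat."""
    n = normalize(name)
    near = []
    for p in popular:
        if n == normalize(p):
            if name != p:
                near.append(p)
            continue
        if osa_distance(n, normalize(p)) <= max_distance:
            near.append(p)
    return near


def scan(candidates, popular=POPULAR_GEMS):
    """Map each suspicious candidate to the popular names it imitates."""
    report = {}
    for c in candidates:
        near = typosquat_candidates(c, popular)
        if near:
            report[c] = near
    return report


if __name__ == "__main__":
    for name, targets in scan(CANDIDATES).items():
        print(f"{name!r} looks like {targets}")
```

Distance 1 is deliberately tight; raising `max_distance` to 2 catches more squats but starts flagging legitimately similar short names, so a production check normally weights the score by the target's popularity and the candidate's age and download count.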
The DHS urged organizations to update their passwords and make sure that a critical Pulse Secure VPN flaw has been patched, as attackers continue to exploit the flaw.
Linksys Smart Wi-Fi users were forced to reset their passwords after researchers discovered a router hack.
A recent U.S. House Oversight Committee meeting was the latest victim of Zoom bombing, according to an internal letter.
XLS files sent via emails appear password protected but aren’t, opening automatically to install malware from compromised macros, according to researchers.
A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable cloud infrastructure.
A never-before-seen RAT is targeting Azerbaijan energy companies with various tools aimed at stealing credentials and exfiltrating valuable data.
Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code execution by an unauthenticated attacker.
Crooks manipulated connected TV supply-side ad platforms to create millions of fictional eyeballs.
Alleged Windows flaw allows for remote code execution and is being flogged for $500,000.
More ransomware operators are setting up pages where they threaten to publish compromised data from victims – an added pressure for victims to pay the ransom.
Several fake browser extensions masqueraded as legitimate cryptocurrency utilities in a snowballing campaign.
Taxpayers are being targeted by a new NetWire RAT variant in a recent malspam campaign that makes use of an improved keylogger and an Excel 4.0 Macro.
The Chinese ISP has expanded its program via HackerOne.
Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.
FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.
Microsoft issued 113 patches in a big update, unfortunately for IT staff already straining under WFH security concerns.
While Adobe’s regularly scheduled security updates were light this month, they fixed “important” severity vulnerabilities.
The custom RAT offers persistent access, data exfiltration and lateral network movement.
Cybercriminals aren’t sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.
As operators struggle to balance the recommendations of social distancing with the need to keep vital services functioning, there is no getting around the fact that conventional remote connections into industrial control networks are a very bad idea.
The popular video-sharing app’s use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.
New research found that almost half of companies had malware on their corporate-associated home networks – in comparison to malware being found on only 13 percent of corporate networks.
Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.
The Grandoreiro banking malware uses remote overlay and a fake Chrome browser plugin to steal from banking customers.
San Francisco International Airport notified users of two low-traffic websites of a data breach that occurred in March.
Apple and Google announced that decentralized Bluetooth technology will soon be rolled out for coronavirus contact tracing. The privacy implications are worrisome for some.
The payment-card stealer differs from typical malware targeting WordPress-based e-commerce environments.
The bug — rated 10 in severity — potentially affects large numbers of corporate VMs and hosts.
Researchers warn that apps that market themselves as “free” are tricking users to subscribe to services that rack up as much as $500 in charges yearly.
The payout stems from a system-wide attack that knocked global networks offline on New Year’s Eve and reflects a shift in thinking about ransom payouts.
Thousands of compromised Zoom credentials were discovered in underground forums as cybercriminals look to tap into the burgeoning remote workforce.
Cloudflare’s CEO said it is replacing Google’s reCAPTCHA tool with hCaptcha due to pricing, privacy and availability concerns.
DDG might be the world’s first P2P-based cryptomining botnet.
Visitors to the fake site expecting antivirus offerings will instead encounter the Fallout exploit kit and a possible malware infection.
The online videoconferencing service added Alex Stamos to the team and has also formed an expert advisory board to grapple with the pains of its COVID-19 growth spurt.
Emails purporting to be a Cisco “critical security advisory” are actually part of a phishing campaign trying to steal victims’ Webex credentials.
Tapplock catches heat for patched vulnerabilities — because of its claims that its smart locks can’t be hacked.
Novel hack allows an attacker to create a mouse-over in a PowerPoint file that triggers the installation of malware.
Researchers say the botnet has emerged over the past three months and shares aspects with Mirai and Qbot.
Hundreds of thousands of malware files are disguised as well-known social conferencing and collaboration apps.
Amid rampant misinformation, users of the Facebook-owned messaging platform can no longer send coronavirus messages to more than one user at a time.
New research used 3D printing technology to bypass fingerprint scanners, and tested it against Apple, Samsung and Microsoft mobile products.
The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through COVID-19, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.
The Microsoft Exchange vulnerability was patched in February and has been targeted by several threat groups.
Ultimately delivering the Triada payload, xHelper goes to great lengths to become virtually indestructible once installed on a smartphone.
FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.
Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vectors.
More zero-day exploits coming up for sale by NSO Group and others are democratizing the attack vector, placing such exploits within reach of less sophisticated attackers.
The FBI is cracking down on the practice of Zoom bombing, saying the hijacking of web conferences can be punishable by jail time.
The white hat hacker who discovered the vulnerabilities received $75,000 from Apple’s bug-bounty program.
The attacks are being carried out against Chinese government interests worldwide, according to Qihoo 360.
COVID-19’s effect on work footprints has created an unprecedented challenge for IT and security staff. Many departments are scrambling to enable collaboration apps for all — but without proper security they can be a big risk.
Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution.
A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations.
A group of CDNs and cloud providers are joining in on a fight against common internet routing attacks.
The attack discovered uses World Health Organization trademark to lure users with info related to coronavirus.
Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days.
The feature, criticized for “undisclosed data-mining,” is only the latest privacy faux pas for Zoom this month.
Old phishing kits are being pressed into service to keep up with the unprecedented volume of new scams that exploit the pandemic.
Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information were left exposed to the open internet.
Attacks using brand-new card-harvesting code are targeting small- to medium-sized businesses, claiming 19 sites so far.
Like NotPetya, it overwrites the master boot record to render computers “trashed.”
A spate of phishing attacks has promised financial relief due to the coronavirus pandemic – but in reality swiped victims’ credentials, payment card data and more.
A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.
An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 365 ATPs.
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
The New York Attorney General has inquired about Zoom’s data security strategy, as the conferencing platform comes under heavy scrutiny for its privacy policies.
An old RAT learns an old trick.
The second breach in less than 24 months stemmed from employee account compromises.
An informal Threatpost reader poll shows the majority of site visitors are privacy absolutists. But attitudes shift when the trade off is saving lives.
Phishing and zero-days continue to be a core part of the APT arsenal.
Zoom removed its Facebook SDK for iOS feature after a report found the app sending Facebook “unnecessary” user data.
The malware is back after three years, looking to cash in on interest in government relief efforts around coronavirus.
The vulnerability can be exploited to reveal limited traffic data including a device’s IP address.
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.
The food container company’s main website had a card skimmer that scooped up online customers’ payment card data.
The malware, the work of a new APT called TwoSail Junk, allows deep surveillance and total control over iOS devices.
Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.
The router DNS hijacking attacks have targeted more than a thousand victims with the Oski info-stealing malware.
With more employees than ever working remotely, there are numerous potential threats that organizations must be aware of.
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron, along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games, their use of 5G and the myriad security concerns Japan is preparing for.
Apple’s security update included a slew of vulnerabilities in various components of iOS, macOS and Safari – the most severe of which could enable remote code execution.
Researchers say that APT41’s exploits are part of one of the broadest espionage campaigns they’ve seen from a Chinese-linked actor “in recent years.”
Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack.
TrickBot victims are being fooled into downloading an app that records their screens – stealing non-SMS 2FA passcodes for banking websites.
The move follows Google’s announcement last May that it would do the same in Chrome by 2022.
The cyberattacks — some on industrial targets — use a previously unknown trojan dubbed Milum.
Is sacrificing your personal privacy worth flattening the coronavirus infection curve? Weigh in on our Threatpost poll.
The DarkHotel group could have been looking for information on tests, vaccines or trial cures.
Adobe has fixed a critical flaw in its Creative Cloud Desktop Application for Windows.
A domain name that points to a website hosting your generated content is still one of the most secure means to ensure that an online identity does not fall prey to hackers or hijackers.
The ad-fraud malware lurks in dozens of childrens’ and utilities apps.
Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes it a snap to compromise webservers.
Criminals behind botnets Chalubo, FBot and Moobot attack unpatched vulnerabilities in the commercial DVRs made by LILIN.
The unpatched Windows zero day flaws are being exploited in “limited, targeted” attacks, according to Microsoft.
Authorities have cracked down on a website that claimed to give out coronavirus vaccine kits – but that was actually stealing victims’ payment card data and personal information.
Emails claiming to be directly from WHO’s Dr. Tedros Adhanom Ghebreyesus offer “drug advice” — and malware infections.
Hacking contest goes virtual with participants remotely winning $295k in prizes for taking down Adobe Reader, Safari and Ubuntu.
Threatpost editors discuss this week’s top news stories from COVID-19 themed malware attacks to Pwn2Own updates.
The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working.
The high-severity flaws exist in the products using SD-WAN software earlier than Release 19.2.2.
Unit 42 researchers discuss public cloud misconfiguration issues that are leading to breaches of sensitive data.
While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and is still the number one cause of data breaches.
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.
Researchers detail a misconfiguration in Microsoft’s Azure cloud platform that could have given hackers carte blanche access to a targeted company’s cloud services.
Fixes are now available for five critical and high-severity Trend Micro flaws, two of which are being actively targeted by attackers.
A fresh module aims to compromise remote desktop accounts to access corporate resources.
An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products.
Privacy advocates advise caution when tracking the movements of patients or those infected with the new coronavirus, as an effort to minimize the pandemic’s effect.
The Federal Government has recommended a starting point for security that highlights some elementary cyber hygiene, such as backups and multi-factor authentication.
Cynet has revealed new data, showing that the Coronavirus now has a significant impact on information security and that the crisis is actively exploited by threat actors.
Researchers warn that a Magecart group has set up skimmers on the blender manufacturer’s website, in hopes of stealing customer payment-card data.
COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll.
Stalkerware called Monitor Minor gives users the ability to creep on a target’s missives swapped via Instagram, Skype and Snapchat.
The Pakistani-linked APT has been spotted infecting victims with data exfiltration malware.
Rise and fall of a Nigerian cybercriminal called ‘Dton,’ who made hundreds of thousands of dollars in a 7-year campaign, outlined in new report.
Using homographic characters is an easy way to execute a convincing fake site.
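A homograph domain swaps Latin letters for look-alikes from another script (most often Cyrillic), and browsers show the raw xn-- punycode only when their own mixed-script rules fire. The following added example, not the article's code, shows the two checks a defender can run on a hostname: decode any punycode label, then flag labels that mix scripts or that map to a plain ASCII name once known confusables are folded to their Latin look-alikes. The confusables table is a small hand-picked subset for the example (Unicode TR39's confusables.txt is the full reference), and the sample hostnames are constructed, including the punycode one, which is produced in code by IDNA-encoding an all-Cyrillic spelling of "cisco".

```python
import unicodedata

# Partial table of Cyrillic letters that render like Latin ones (assumption:
# a hand-picked subset for this example; TR39 confusables.txt is far larger).
CONFUSABLE_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04cf": "l",
    "\u0455": "s",
}

# Constructed sample hostnames (not from the article). The third is the
# xn-- form a browser would show for an all-Cyrillic look-alike of "cisco".
SAMPLE_HOSTS = [
    "apple.com",
    "\u0430pple.com",                                        # Cyrillic а + Latin pple
    "\u0441\u0456\u0455\u0441\u043e.com".encode("idna").decode("ascii"),
]


def decode_idn(host):
    """Return the Unicode form of a host that may be in xn-- (punycode) form."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: analyse as given


def script_of(ch):
    """Crude script name taken from the Unicode character name ('LATIN', 'CYRILLIC', ...)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(label):
    """Fold known confusables to their Latin look-alikes (a tiny TR39-style skeleton)."""
    return "".join(CONFUSABLE_TO_LATIN.get(c, c) for c in label)


def analyze_host(host):
    """Flag labels that mix scripts or that become a plain ASCII name after folding."""
    uhost = decode_idn(host)
    findings = []
    for label in uhost.split("."):
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            findings.append(f"{label}: mixed scripts {sorted(scripts)}")
        skel = skeleton(label)
        if skel != label and skel.isascii():
            findings.append(f"{label}: confusable with ASCII '{skel}'")
    return {"host": host, "unicode": uhost, "suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        r = analyze_host(h)
        print(f"{r['host']:>22}  suspicious={r['suspicious']}  {r['findings']}")
```

The all-Cyrillic case is the one that defeats simple mixed-script rules, which is why the skeleton comparison matters: the label is internally consistent, yet folds to a brand name the organization owns.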
An academic study found Microsoft’s Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers.
Organizations are sending employees and students home to work and learn — but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.
The high-severity flaw allows malicious code injection into website pop-up windows.
The APT group was spotted sending spear-phishing emails that purport to detail information about coronavirus – but they actually infect victims with a custom RAT.
Civil-liberties group wants more transparency about who the government is partnering with and how they are using the information gathered in biometric checks.
While PXJ performs typical ransomware functions, it does not appear to share the same underlying code with most known ransomware families.
Cookiethief steals cookies to infiltrate Facebook and other web service accounts.
A Dutch researcher claimed Google’s very first annual Cloud Platform bug-bounty prize, for a clever container escape exploit.
Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.
Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection.
CVE-2020-0796 affects version 3.1.1 of Microsoft’s SMB file-sharing protocol and was not included in Patch Tuesday, but was patched the following day.
A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
The Ultimate Security Budget Plan & Track Excel template provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame.
The tech giant will take control of the U.S.-based infrastructure used by the criminals behind the world’s most prolific botnet used to distribute malware and infect victim computers.
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.
March security updates include 115 CVEs, patching flaws across Windows, Office and Microsoft’s new Chromium-based Edge web browser.
The bug has been under active attack as a zero-day.
Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.
Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.
Threat actors can easily infiltrate networks because attacks evade detection by typical security protections.
Attackers are purporting to send victims HIV test results – but in reality are convincing them to download the Koadic RAT.
A vulnerability in Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.
New side-channel attacks have been disclosed in AMD CPUs; however, AMD said that they are not new.
Ryuk, DoppelPaymer, Parinacota and other ransomware groups are getting more sophisticated, Microsoft warns.
In cybersecurity circles, the Coronavirus is spurring anxiety over the virtual abuse of the deadly disease by scammers.
A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter.
Meanwhile, breach incidents have hit Carnival Cruise Lines, T-Mobile and J. Crew customers.
Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.
The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arbitrary code execution.
An analysis of spam subject lines and malicious domains shows that attackers have been betting on Trump and Sanders to snag public interest.
While 1.7 million of the certificates potentially affected by a CAA bug have already been replaced, around 1 million are still active.
Dozens of routers are patched by Netgear as it snuffs out critical, high and medium severity flaws.
A recent phishing campaign used OneNote to distribute the Agent Tesla keylogger.
Around 600,000 of the supermarket’s 12 million loyalty program members have been warned about a cyberattack.
Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks’ Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.
On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug.
An exploit published by a developer is easy to use and has already been used to build malicious apps that gain root access on Android devices.
Troy Hunt said the popular HIBP will continue to be run as an independent service.
‘Advanced Threat Protection Beyond the AV’ is the first resource that guides security executives through the best-practice approach to each security solution.
Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.
The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.
Several flaws found in Nvidia’s graphics drivers could enable denial of service, code execution and other malicious attacks.
As cities grow more connected, municipal operators must deal with new risks like ransomware, IoT hacks and more.
The tricky trojan has evolved again, to stay a step ahead of defenders.
A security error in the Walgreens mobile app may have leaked customers’ full names, prescriptions and shipping addresses.
The security industry has the perfect skillset and adversarial defense outlook to deal with some of the emerging societal issues in today’s world, said security technologist Bruce Schneier.
The federal agency plans a slew of initiatives to address industrial control security this year.
Patrick Wardle talks about the biggest threats he’s seeing impacting Apple devices.
An automated Google warning to Android app developers regarding mobile app permissions has cut the number of requests in half.
CEO Mary T. Barra addressed the high stakes in rolling out self-driving cars and biometric-enhanced vehicles, where one cyber-event could derail plans for emerging automotive technologies.
From vacuum cleaners to baby monitors, the IoT landscape continues to be plagued by concerning security issues that lead to privacy threats.
The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.
A popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage.
When it comes to machine learning, research and cybercriminal activity is full speed ahead – but legal policy has not yet caught up.
Between ransomware attacks on healthcare devices, malware-laced “medical” apps, and fraud services available on the dark net, attackers are pushing the boundaries on targeting healthcare.
A new campaign is targeting governments with the ForeLord malware, which steals credentials.
A connected, robotic vacuum cleaner has serious vulnerabilities that could allow remote hackers to view its video footage and launch denial of service attacks.
Research puts the emerging mobile threat—which monitors the whereabouts and device activity of users as well as collects personal data—into clearer focus.
Lior Frenkel, CEO and co-founder of Waterfall Security, discusses the top cybersecurity threats that are facing the industrial, manufacturing and critical infrastructure industries.
The annual cryptographer’s panel took on issues of privacy and how new crypto-technologies apply to it in today’s digital world.
Google patches zero-day bug tied to memory corruptions found inside the Chrome browser’s open-source JavaScript and Web Assembly engine, called V8.
The reality of the cybersecurity industry is starkly different than what’s perceived by the rest of the world.
The Department of Homeland Security and two U.S. military branches already had discontinued use of the app based on concerns over Chinese data-security and censorship practices.
The Ultimate Security Pros’ Checklist fully maps the core duties of common security positions, from the core technical security aspect to team management and executive reporting.
Software developer builds a malicious proof-of-concept iOS app that can read data temporarily saved to the device’s clipboard.
A leak at the Defense Information Systems Agency exposed personal information of government employees, including social security numbers.
A new lawsuit alleges that Google’s G Suite for Education program covertly collects data from students, violating both COPPA and other data privacy regulations.
When patched last week, the bug affected at least 1 million websites, and zero-day exploitation was already underway.
From data privacy to industrial IoT cybersecurity concerns, Threatpost editors discuss the top stories they expect to see at this year’s RSA Conference, which kicks off next week in San Francisco.
Scammers are posing as event organizers in a sophisticated fraud effort.
The incident cut off access to e-mail and shared IT services across customer sites of the multinational Denmark-based facility-management firm.
Eight apps – mostly camera utilities and children’s games – were discovered spreading a new malware strain that steals data and signs victims up for expensive premium services.
The Google Play apps violated the tech behemoth’s disruptive advertising policies.
A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it’s not directly connected to the internet.
Exaggerated Lion, a newly discovered cybercrime group, uses new and unique tactics to target U.S. companies in BEC attacks.
Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder.
This week a hacking forum posted data from the breach—which included personal and contact details for celebrities, tech CEOs, government officials and employees at large tech companies.
The attack took a gas compression facility offline for two days, disrupting the supply chain.
More than 55 percent of medical imaging devices – including MRIs, X-rays and ultrasound machines – are powered by outdated Windows versions, researchers warn.
A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.
The third catfish attempt in three years from the Palestinian militant group adds a few technical advances to the mix.
Cynet Free Threat Assessment spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active.
Traditional e-mail based scams are also in the mix this year, one in particular that uses the legitimate app TeamViewer to take over victims’ systems.
OurMine took over the Spanish powerhouse soccer team’s Twitter account.
Ring outlined new security and data privacy measures on Tuesday, following backlash over the connected doorbell’s security in the past year.
APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.
Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.
Scam threatens to flood sites using Google’s banner-ad program with bot and junk traffic if owners don’t pay $5K in bitcoin.
A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.
Security experts say that 5G supply chain concerns should be taken seriously – whether it’s in the context of Huawei or not.
The malicious Chrome extensions were secretly collecting users’ browser data and redirecting them to malware-laced websites.
The scam uses a range of themes, including tech-support scares and slot machines.
Customers of RBC, HSBC, TD, Meridian, BNC and Chase are targeted in latest attack.
Top stories of this week include a new Emotet Wi-Fi hack and Robbinhood ransomware operators using a “bring your own bug” technique.
Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info.
Researchers are urging users of the GDPR Cookie Consent WordPress plugin to update as soon as possible.
A new Data Protection Agency would overhaul federal regulation efforts around data privacy – but experts are skeptical that the U.S. government can get it right.
A recent phishing scam targeted Puerto Rico’s Industrial Development Company.
The tech giant acknowledged some achievements in efforts to bolster mobile app security but recognized more needs to be done.
The release of Firefox 73 fixed high-severity memory safety bugs that could cause arbitrary code execution and a missing bounds check that could enable memory corruption.
Among other issues, the music platform didn’t limit the number of login attempts someone could make.
Katie Moussouris sounds off on the challenges behind creating successful bug bounty programs.
The IR Management and Reporting Template attempts to help the CISO not only mount a top-tier response to cyberattacks but also ensure that this professional and critical work is understood and acknowledged.
Cybercriminals double down on successful internet scams, with a focus on phishing, BEC and other defrauding schemes that have proven to work.
There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.
The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.
Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised.
Overall, Adobe patched flaws tied to 42 CVEs as part of its regularly scheduled updates.
The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs.
The RobbinHood ransomware is using a deprecated Gigabyte driver as the tip of the spear for taking out antivirus products.
Phishing emails have been uncovered that request a full rundown of personal data – even asking for photos of passports.
Feds have charged four members of the Chinese People’s Liberation Army (PLA) in connection with the infamous 2017 Equifax breach.
Misconfigured Docker registries could leak confidential data, lead to a full-scale compromise and interrupt the business operations.
The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks – and their devices – via brute force loops.
Wacom stated that its data collection is done only in aggregate — but that doesn’t fix the issues, according to security experts.
The flaw was recently patched in Android’s February Security Bulletin.
Downloads of files like images may be banned if they use HTTP connections – even if they are available from an HTTPS website.
RCE and myriad other types of attacks could take aim at the 19 percent of vulnerable companies that haven’t yet patched CVE-2019-19781.
New attacks discovered by Cofense can perform keylogging, steal data and completely hijack a mobile device.
A recent slew of skimming attacks has been linked back to Magecart Group 12.
The malware uses a tactic to force victims to retype passwords into their systems – which it tracks via a keylogger.
The powerful Minebridge backdoor gives cyberattackers full run of a victim’s machine.
What’s trending in cybersecurity? This year’s session submissions tell us.
APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details.
The file-sharing service also disclosed details of past notable bugs for the first time.
The malware is back in targeted attacks against Brazilian banking customers, this time using a new technique that involves mobile app authorization.
Malware campaign targets global manufacturers that are still dependent on Windows 7 subsystems to run fleets of IoT endpoints.
A high-severity vulnerability could allow cybercriminals to push malware or remotely execute code, using seemingly innocuous messages.
The researcher behind the five critical Cisco flaws, collectively called CDPwn, talks about why Layer 2 protocols are under-researched when it comes to security vulnerabilities.
Cisco has released patches to address the five vulnerabilities, which could lead to remote code-execution and denial of service.
Researchers have been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December.
Red Kite said that domain-spoofing and convincing scam emails claiming to be from suppliers were the cause.
Customers took to Twitter to air their grievances after some of the transportation giant’s operations were downed.
As part of its February bug fixes, Google is patching a critical severity remote code execution vulnerability and an information disclosure bug.
The medical device giant has issued fixes for bugs first disclosed in 2018 and 2019.
State-sponsored actors may have been behind the social media abuse, said Twitter.
Popular trojan is sneaking its way onto PCs via malspam campaign that uses three levels of encryption to sneak past cyber defenses.
Researchers were able to fool popular autopilot systems into perceiving projected images as real – causing the cars to brake or veer into oncoming traffic lanes.
A new extortion attack has targeted hundreds of users affected by the Ashley Madison breach over the past week.
The tricky trojan evolves yet again, remaining one of the most advanced vehicles for delivering malware.
Agent Tesla and LokiBot are common payloads in the botnet-driven spam effort.
Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware.
APT34 has been spotted in a malware campaign targeting customers and employees of a company that works closely with U.S. federal agencies, and state and local governments.
Microsoft OS flaws, out-of-bounds reads, ICS gear and a record number of high-severity bugs marked 2019 for the ZDI program.
Larger winnings for underground skills competitions are attracting sophisticated crime groups.
The program is the latest the tech giant has launched that pays users and security researchers to find vulnerabilities in its numerous products.
Developers behind WordPress plugin Code Snippets have issued a patch for the high-severity flaw.
The ongoing global spread of the disease precipitates malware infections.
The recently disclosed Jeff Bezos phone hack and other incidents show that mobile devices are being increasingly targeted by sophisticated nation-state attackers.
Vulnerabilities allow unauthenticated remote attackers to access sensitive device information and launch denial of service attacks.
Reportedly, the bug wasn’t patched, leading to a data breach in July.
The settlement in a case over the social network’s Tag Suggestions feature is the latest financial blow the company has taken over its handling of user privacy.
The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.
Apple’s iOS 13.3.1 update includes a host of security patches and a way to turn off U1 Ultra Wideband tracking.
After a year of big changes, white hats reaped more from Google’s programs than ever before.
Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.
Maya Horowitz with Check Point Research discussed recently-disclosed Zoom vulnerabilities that could have opened up web conferencing meetings to hackers.
As cyber incidents increase, more and more organizations are coming to realize the value of outsourcing their defenses, which is expanding the market opportunity for MSSPs.
Hefty collection of U.S. and international payment cards from the incident revealed in December found up for sale on dark-web marketplace Joker’s Stash.
Researchers have released a new proof-of-concept attack targeting a new Intel speculative-execution bug called CacheOut, present in most Intel CPUs.
Threat actors leveraging social media for hacks and misinformation are growing more coordinated.
The Amazon-owned video doorbell uses third-party trackers to serve up rich data to marketers without meaningfully notifying users.
While there are dozens of metrics available to determine success, there are two key cybersecurity performance indicators every organization should monitor.
Researchers warn users not to “blindly” trust the encryption implementations of their LoRaWAN networks.
Zoom has patched a flaw that could have allowed attackers to guess a meeting ID and enter a meeting.
After discovering a wide pattern of potentially malicious behavior in browser extensions, the two search giants are cracking down.
Researchers wonder if a recent “amateur spam” campaign by the once-prevalent malware distribution botnet is a sign of trojans looking to other infection paths.
State senators have issued proposals they say would encourage municipalities to upgrade their cyber-postures.
The new U.K. law mandates that manufacturers apply several security controls to their connected devices.
Ransomware actors are turning their sights on larger enterprises, making both average cost and downtime inflicted from attacks skyrocket.
The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting.
The newly-introduced bill targets the Patriot Act’s Section 215, previously used by the U.S. government to collect telephone data from millions of Americans.
The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.
The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more.
The malicious email campaign included a never-before-seen malware downloader called Carrotball, and may be linked to the Konni Group APT.
The malware uses thousands of partner websites to spread malvertising code.
The critical flaw exists in Cisco’s administrative management tool, used with network security solutions like firewalls.
New research outlines vulnerabilities in Safari’s Intelligent Tracking Protection that can reveal user browsing behavior to third parties.
The competition targets the systems that run critical infrastructure and more.
A newly discovered threat actor named Vivin is raking in Monero from cryptomining malware, showing that this type of attack isn’t going away anytime soon.
The newest version of the sLoad malware dropper comes equipped with infection tracking capabilities and an anti-analysis trick.
The trove of information is potentially a scammer’s bonanza.
The wisdom of security professionals in one place – The State of Breach Protection 2020 survey – gives CISOs information they can use to make more educated, data-driven calls when it comes to their organizational security needs.
Palo Alto Networks’ Unit 42 researchers observed a variant of the wormlike botnet that adds scanner technology to brute-force Web authentication.
More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.
A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies.
Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.
New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook.
CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.
Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.
Researchers say that JhoneRAT has various anti-detection techniques – including making use of Google Drive, Google Forms and Twitter.
The WeLeakInfo “data breach notification” domain is no more.
Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.
Are publicly released proof-of-concept exploits more helpful for system defenders — or bad actors?
Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week’s news wrap.
The agency changed its policy to provide more timely and actionable information to state and local election officials in the case of a cybersecurity breach to election infrastructure.
The flaws affect a key tool for managing its network platform and switches.
iPhone users can now use Bluetooth to secure their Google accounts.
A hellish mix of features shows the 5ss5c ransomware to be the son of Satan.
Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.
New research shows apps that dupe users into being charged excessively with little reward persist on the Android app store.
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.
There are five different pillars to implement when moving to a modern, zero-trust security model.
Threatpost talks to Venafi about the recently-disclosed Microsoft vulnerability and whether the hype around the flaw was warranted.
A concerted, targeted phishing campaign took aim at 600 different staffers and officials, using Norway as a lure.
Class members have until Jan. 22, next week, to claim benefits.
Legal battle pitting Feds against the tech giant over data privacy and device security in criminal cases seems inevitable.
The ‘Security for Management’ PPT template follows the commonly accepted NIST Cyber Security Framework as an overall outline and includes open sections that are to be completed with respect to each organization’s unique security state.
The malware is new and in the early stages of its development — but packs a sophisticated punch.
The software giant patched 300+ bugs in its quarterly update.
The flaw, in Intel VTune Profiler, could enable privilege escalation.
Magecart groups using automated infection scans infected the site, which was running outdated Magento software.
January Patch Tuesday tackles 50 bugs, with eight rated critical, all as it pushes out its last regular Windows 7 patches.
Google says it has a two-year timeline for phasing out support for third-party cookies in its Chrome web browser.
The cloud-focused program will pay out $10,000 as its top reward.
Overall Adobe patched nine flaws in Illustrator CC and Experience Manager.
Refusal to unlock the phones of a Florida shooter could set up another legal battle between Apple and the Feds over data privacy in the case of criminal investigations.
The wide-scale phishing scam reportedly started in early November and continued through December, before it was discovered by the Texas school district.
Google has removed 17,000 Joker-infested apps from the Play store to date.
CES wiz-bang surveillance tech gives privacy advocates the willies.
The issue lies in underlying reference software used by multiple cable-modem manufacturers to create device firmware.
Over 25,000 servers globally are vulnerable to the critical Citrix remote code execution vulnerability.
Cisco patched two high-severity flaws this week, in its Webex and IOS XE Software products.
A Virgin Mobile-branded phone distributed by Assurance Wireless to low-income U.S. citizens has a trojan pre-installed that can download additional malware.
Researchers say that physically disruptive attacks aren’t imminent, but an increased focus on U.S. electrical-grid operators doesn’t bode well.
Users of GnuPG, OpenSSL and Git could be in danger from an attack that’s practical for ordinary attackers to carry out.
Ring said that four employees were fired for inappropriately accessing customers’ connected video feeds.
The California Consumer Privacy Act has been adopted, but the largest U.S. privacy regulation fails to address how companies can know where their data is.
The PowerTrick backdoor, which fetched yet other backdoors, is designed to help TrickBot evade detection.
A hacker who apparently likes the musician Drake leaves lyrics from the artist’s song In My Feelings behind in an attack that delivers malware Lokibot or Azorult.
A Romanian national has been sentenced to 5 years in prison after racking up almost $400,000 in an ATM skimming scheme.
Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.
The case highlights the rising issue of stalkerware, which has reached epidemic proportions.
Mozilla tackles high-severity bugs in its latest Firefox 72 and Firefox ESR 68.4 releases, and at the same time rolls out a major privacy feature.
The video sharing app has fixed several flaws allowing partial account takeover and information exposure.
January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7.
Google’s first security update of 2020 addressed seven high and critical severity Android flaws.
Researchers suspect the cybercriminals attacked using an unpatched critical vulnerability in the company’s seven Pulse Secure VPN servers.
It’s unclear yet whether the Cupertino giant will assist, given past history of court battles over such incidents.
Despite the difficulties of identifying deepfakes, social media sites are recognizing the need to crack down on the manipulated, misleading videos.
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool.
The latest attack takes aim at a vertical-specific e-commerce platform.
One threat actor appears to be behind several ongoing, related campaigns.
The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump.
Days before Christmas, employees found out that The Heritage Company had been hit by a ransomware attack and was “temporarily suspending operations.”
Cisco patched three authentication bypass bugs tied to its DCNM platform, which is used to manage NX-OS.
Gas stations will become liable for card-skimming at their pay-at-the-pump mechanisms starting in October.
The foreign-currency-exchange giant said that it has been hit by a virus, affecting retail customers and banking partners alike.
The issue came to light after a Reddit user claimed being able to see strangers on his Xiaomi Mijia smart camera.
Landry’s announced that more than 60 of its restaurants may be affected by payment processing system malware.
On Wednesday California adopted the strictest privacy law in the United States.
The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform’s relationship with China grows.
Use the seven points listed above to create an effective and efficient operational workflow and, importantly, happier analysts who aren’t buried at the bottom of a pile of mostly irrelevant data.
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
The Internet of Things vendor confirmed that customer data was left unsecured on an Elasticsearch database.
Given that the average time to weaponizing a new bug is seven days, you effectively have 72 hours to harden your systems before you will see new exploits.
Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.
Researchers warn that five vulnerabilities that stem from SQLite could enable remote code execution.
2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.
Threatpost examines the challenges – and opportunities – that women are facing in the cybersecurity landscape.
The flaw resides in the Citrix Application Delivery Controller and Gateway.
Mature machine learning can analyze attack strategies and look for underlying patterns that the AI system can use to predict an attacker’s next move.
2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here’s the Threatpost Top 10 for data-breach news of the year, featuring all the low-lights.
2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.
Cyber-disclosure statements noting how long a company can go without a breach can help customers understand the reality of cyber-incidents and their exposure to loss.
Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to send tweets and direct messages.
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.
In this sponsored podcast, Threatpost sits down with Arctic Wolf’s Matt Duench to discuss the lessons learned from this year’s top data breaches.
From ransomware ramp up, to voice assistant privacy perils, the Threatpost team breaks down the top news stories from this past year.
The Swedish climate-change activist is the lure in a massive global malware campaign.
Artificial intelligence can provide manpower, context and risk assessment.
Wawa said that payment-processing system malware had potentially affected all 850 of its locations.
The tech giant is looking for full working exploits with any vulnerability submission.
Researchers believe that criminals were able to obtain personal information for millions of Facebook users.
Phishers are using “black SEO” to lure users in to malicious downloads masquerading as the latest Star Wars movie.
The leaky database was online for about a week, exposing customers’ vehicles information and personal identifiable information.
Many employees don’t follow company security policies when they use handy productivity tools.
A Motherboard report found Ring lacking basic security measures for preventing hackers from hijacking the devices.
An attacker could exploit CVE-2019-1491 to obtain sensitive information that could be used to mount further attacks.
Remote attackers can easily compromise the device and pivot to move laterally through the LAN or WAN.
The data breach disclosure was met with ire from customers whose lab test results, health card numbers and more were accessed.
The streaming video and podcast content company was hit by a payment-card attack.
Cynet’s Ultimate Cybersecurity Job Posting Templates provide a list of the main responsibilities and skills for typical security positions, built upon research and providing IT and security managers with pre-set template job descriptions so that there is no need to create them from scratch.
The Epilepsy Foundation has filed a criminal complaint against undisclosed Twitter users who used its Twitter feed to post seizure-inducing content.
Researchers say that Amazon and Google need to focus on weeding out malicious skills from the get-go, rather than after they are already live.
13 new exploits have been added to the malware’s bag of tricks.
The ransomware attack earlier this month led the hospital system to reschedule surgeries and appointments.
While the best protective measures can’t protect your business completely from a zero-day attack, many of the same cybersecurity best practices are useful for protecting against zero-day exploits.
The DevOps lifecycle management said that response to its year-old bug-bounty program has been robust.
Omnichannel views of customers are a competitive edge — but they have to be appropriately implemented.
The BITS file-transfer component of Windows is a key piece of sLoad’s attack methodology.
One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited.
Paying at the pump has landed in the sights of the notorious PoS-skimming group.
Seventeen bugs could be exploited to stop electrical generation and cause malfunctions at power plants.
Check out our list of top 10 things to do to protect your organization from the deepening scourge of ransomware.
Maze exfiltrates data as well as locks down systems. Officials said they don’t know yet whether any residents’ personal information has been breached.
Manufacturers of the Twinkly IoT-connected lights slightly boosted security by switching out the Wi-Fi module, according to Pen Test Partners.
A couple of factors this year are making the 2019 holiday shopping season a circus for cybercriminals when it comes to cyberattacks against retail orgs.
The malware affected 100 different online publishers.
Several toys that were tested have been found lacking authentication measures, opening them up to an array of insidious attacks.
Apple fixes bug that allows nearby hackers to render iPads and iPhones unusable.
The secure messaging service is looking to address usability issues.
The Intel attack uses a similar technique that gamers commonly use to overclock their CPUs.
An unprecedented connection between the North Korean APT and the crimeware giant spells trouble for global banks and other cybercrime targets.
December 2019’s relatively light Patch Tuesday update also fixes seven critical flaws.
The cyberattack comes days after a shooting at U.S. military base Naval Air Station Pensacola rocked the city.
Snatch has burst on the scene, featuring an array of executables and tools for carrying out carefully orchestrated attacks.
The patches are part of Adobe’s regularly-scheduled fixes.
Amazon has rolled out patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later.
Today you can access the aggregated and analyzed 2020 Cybersecurity Salary Survey Results and gain insight into the main ranges and factors of current cybersecurity salaries.
Biometric facial scanning won’t be a requirement for all U.S. citizens traveling internationally after all, the department decided.
A platform that allows online applications for copies of birth certificates did not store its data properly.
Since 2007, the two allegedly operated a cybercrime ring called “Bayrob Group.”
A phishing attack is masquerading as messages from the game’s developers.
A PR and marketing provider exposed sensitive data for a raft of big-name companies.
The platform has linked documents posted on its site to a vote-manipulation campaign already observed on Facebook earlier this year.
Most counties are not protected from impersonation-based spearphishing attacks.
Authorities say they have halted over 600 domestic money mules – exceeding the 400 money mules stopped last year.
In this past week, the authorities have cracked down on various BEC scams and cybercrime gangs.
In a coffee-shop scenario, attackers can hijack “secure” VPN sessions of those working remotely, injecting data into their TCP streams.
Facebook has paid over $4 million to victims to reimburse them for the unauthorized ads purchased using their ad accounts.
Researchers discovered a MacOS trojan hiding behind a fake crypto trading platform, believed to be the work of the state-sponsored North Korean hackers behind WannaCry.
Security experts say the incident shows that cybercriminals are using ransomware to hit companies where it hurts.
Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.
Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.
HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to “human error,” on the bug bounty platform.
The authentication bypass (CVE-2019-19521) is remotely exploitable.
Researchers uncover an “ultimate man-in-the-middle attack” that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business.
Larger SMBs are more likely to feel targeted by APTs.
Nebraska Medicine is warning that a rogue, former employee accessed patients’ medical records, Social Security numbers and more.
A previously undocumented loader has been discovered in several recent malware campaigns and being sold on underground markets.
Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing.
The EFF explains how data is being tracked and used on the web and mobile devices, how consumers can protect themselves – and why it’s not all bad news.
Prosecution asks for imprisonment of the hacker who stole nude photos and other personal data from women’s iCloud accounts and then distributed some of the material online.
Now all travelers to and from the U.S. – even if they are U.S. citizens – will be subject to facial recognition-based checks, a new filing revealed.
A successful attack could wreak havoc, given the potential for biometric forgery, and a lack of options in the event one’s biometric profile is stolen.
More than 90 percent of Android apps running on the latest OS encrypt their traffic by default.
The December security update stomped out critical denial-of-service (DoS) and remote-code-execution (RCE) vulnerabilities in the Android operating system.
It’s important for businesses of all sizes to not only view their suppliers’ attack surface as their own but also extend some of their security protections.
The flaw can allow hackers to take over typical device functions like sending messages and taking photos, because users believe the malicious activity comes from a mobile app they use regularly.
Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover.
The infrastructure behind a remote access tool (RAT) allowing full remote takeover of a victim machine has been dismantled.
A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet-connected systems.
TV takeover, privacy threats, botnet concerns and Wi-Fi network compromise are all big concerns when it comes to connected TVs.
Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.
Amazon’s facial recognition would alert Ring users if “suspicious” individuals are near their house.
38 million consumer health records have been exposed so far in 2019.
Firm defends controversial business offerings, claims it should be considered a force for good.
Malicious mobile apps could be created to scrape and share profile information, email addresses and more.
Yet another connected smartwatch for children has been discovered exposing personal and location data of kids – opening the door for various insidious threats.
The COPRA legislation would provide GDPR-like data protections, and create a new FTC enforcement bureau.
A cryptomining malware has infected at least 80k devices and uses various tactics to evade detection.
He and co-conspirators stole 50 gigs of music and leaked some of it onto the internet.
This new skimming/phishing hybrid threat tactic means that even stores that send customers to external payment processors are vulnerable.
Convincing employees to take security seriously takes more than awareness campaigns.
Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware – including domain impersonation, social media giveaway scams, and a malicious Chrome extension.
The info-stealing malware has updated its password-grabbing module.
The malware was introduced to the police network via a contractor who was installing a digital display.
A newly announced data breach of several popular Catch restaurants stemmed from malware on its point-of-sale (PoS) systems.
Hackers turn to old-school mail-forwarding scams to commit modern-day ID theft and financial crimes.
DNS, rogue employees and phishing/social engineering should be top of the list of threat areas for organizations to address.
Some of the bugs allow remote code-execution.
Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.
Financial institutions are in the crosshairs of hackers leveraging the malware to steal sensitive data.
From stalkerware to Amazon Ring doorbell outrage, Threatpost editors break down the top news stories of the week.
The company expanded its Android bug bounty program as one of several recent moves to ramp up mobile security.
Amazon’s Ring data collection policies are in the spotlight.
Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks.
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
The mobile malware, which incorporates Anubis source code, could evolve into fully fledged spyware in the future.
The Ultimate 2019 Security Team Assessment Template is a unique tool that encapsulates all the major KPIs of the organizational security team’s main pillars.
Check Point researchers found that hundreds of marquee Android mobile apps still contain vulnerabilities that allow remote code-execution even if users update.
The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.
In-scope Mozilla RCE bug bounty payouts have also tripled to reach $15,000.
Linux users running the enterprise-search platform Solr are potentially vulnerable to remote code execution attack.
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.
The majority give outside partners, contractors and suppliers administrative access — without strong security policies in place.
The passwords of more than 2.2 million users of a gaming and cryptocurrency website were dumped online after dual data breaches.
The infection apparently made its way in through third-party systems.
The list of routers that have critical RCE bugs, that have reached end of life and that won’t get fixed has grown.
Google has disclosed a now-fixed issue that enabled third-party apps to access a disturbing set of permissions for its Camera App built into Android phones.
The malware has backdoor functionality and the ability to steal payment cards and credentials.
An executable file disguised as a .jpg leads not only to ransomware but also its builder, which can be used to create variants.
Obfuscated Magecart script was discovered on two Macys.com webpages, scooping up holiday shoppers’ payment card information.
Survey reveals that skepticism towards privacy issues remains at an all-time high.
The flaw can be trivially exploited.
Thousands of accounts showed up on hacking forums — and customers say Disney has been no help.
Using a real Office 365 account at a legitimate company to send out lures helps phishers evade email defenses.
The web skimmer has been spotted on at least 17 popular eCommerce websites, a new Visa alert warns.
Threatpost talks to Anthony di Bello with OpenText, at ENFUSE 2019, about the successes and failures of security regulations, and how companies are changing as they struggle to keep up with compliance issues.
White-hat hackers competed using never-before-seen zero-days against popular applications and devices at a two-day gathering in Chengdu.
The copycat sites are using valid certificates to be more convincing.
Former national intelligence director James Clapper discusses lessons learned from the 2013 Snowden leak as well as the top cyberthreats that the U.S. is currently facing.
The threats follow a DDoS attack bent on taking out the Labour Party’s online presence.
What are the best practices when evaluating security vendors in a crowded landscape? Arctic Wolf discusses.
A threat campaign active since January customizes long-used droppers to infect victim machines and lift credentials and other data from browsers, according to Cisco Talos.
A lengthy, multi-stage infection process leads to a duo of payloads, bent on stealing data.
Now that the checkm8 BootROM vulnerability has a working exploit, security pros are warning of potential attacks.
In this video, a security expert discusses the California Consumer Privacy Act (CCPA), and its potential impact on privacy regulation across the U.S.
Code-injection via third- and fourth-party scripts — as seen with Magecart — is a growing security problem for websites.
The APT is using small botnets to take espionage aim at military and academic organizations.
The campaign is consistent with emerging tactics from bad actors to use increasingly sophisticated social engineering and spoofing to deliver malware.
The Comprehensive Compliance Guide can help security leaders save the time and resources of creating their own compliance evaluation methods.
PureLocker is an example of the sustained and continuing efforts ransomware threat actors are putting into malware development.
Threatpost sits down with incident response expert Kevin Golas to discuss the top takeaways of ENFUSE 2019 this week.
Data privacy is a fundamental right for Americans – but new emerging technologies like drones, IoT and facial recognition are introducing gray areas.
“Project Nightingale” is fully HIPAA-compliant, according to Google — but researchers said they see big red flags for consumer data privacy.
Hospitals and IoT device manufacturers must take a dual approach in securing connected telehealth devices.
U.S. Customs agents now must have reasonable cause and suspicion to search traveler devices at points of entry.
Rogue employees — not just external threat groups — pose a formidable threat to incident response teams.
Microsoft tackles 74 bugs as part of its November Patch Tuesday security bulletin.
IIoT-generated data – calibrations, measurements and other parameters – still needs to be stored, managed and shared securely.
The issue is in an Intel chip used for remote management.
The platform is a favorite target for the Magecart collective of card-skimming threat groups.
Adobe’s monthly patch load is low for November, with only three critical bugs and eight important ones fixed.
The move takes a broader stand to protect user data and support the requirements of CCPA nationwide.
The specific type of TCP attack used in the recent spate of DDoS efforts was TCP SYN-ACK reflection.
When it comes to bouncing back, long-term impact to share prices from a data breach incident is significant on average for large companies.
SmarterASP.NET said that it is in the middle of recovering accounts downed by the ransomware attack.
Apple is investigating an issue raised by a Mac specialist, who discovered that emails that are supposed to be S/MIME-encrypted were being stored as readable files.
The trojan was observed as the final payload in a sophisticated and complex malware installation code set.
Fallout from giants at the top is one of the largest drivers of cyber-impacts on everyday people and companies.
Unlike Elliot, real-world adversaries don’t have lofty ideals nor do they suffer crises of conscience.
The latest edition of the bi-annual hacking contest saw creative exploits in new device categories.
From voice assistant hacks to insider threats, Threatpost editors break down this week’s biggest news.
Attackers could access Wi-Fi credentials due to a problem in initial configuration of the smart doorbell device.
The DoJ charges former Twitter employees for allegedly accessing thousands of accounts on behalf of Saudi Arabia.
Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component.
Vulnerabilities in several PC gaming products offered by Nvidia can lead to escalation of privilege, denial of service and other malicious attacks.
Mission-critical systems can’t just be switched off to apply security updates — so patching can take weeks if not years.
Despite trillions of dollars in breach fine payouts, each year the number of compromised companies and individuals with private data exposed rises.
The tech giant formed an alliance with three endpoint security firms aimed at stopping malicious apps before they get to the Google Play Store.
Tactics for when authorized users need to connect to network resources, or need to venture out to the web to complete important tasks.
A targeted campaign is delivering an information-stealing malware called Predator the Thief.
Trend Micro customers whose data was sold are getting scam calls from criminals purporting to be support staff.
Facebook said that 100+ third-party app developers had access to restricted data for members of Groups, in its latest privacy snafu.
The group was exposed after a ShadowBrokers leak.
Since Emotet came out of hibernation last month, researchers are seeing the banking trojan’s authors take on a consistent trend of new evasion tactics and social engineering techniques.
Web analytics help phishers hone their attacks — but website defenders can also use these tactics to better detect the scope of attacks and mitigate their effects.
The 2020 Security Plan PPT template helps security professionals engage their organization’s decision-makers and gets their backing for critical security decisions.
Cybercriminals are leveraging political names and figures for social engineering as the elections loom.
Incident that exposed emails to a PayPal scam once again highlights the persistent nature of third-party security risk.
Stealing payment-card data and PII from e-commerce sites has become so lucrative that some are being targeted by multiple groups at the same time.
Smart voice assistants can be hijacked by attackers using lasers to send them remote, inaudible commands.
Wake-on-LAN and ARP pinging have expanded Ryuk’s reach into corporate LANs — and its operators’ monetization abilities.
The network configuration management utility has two unpatched critical remote code execution vulnerabilities.
In September, a Nikkei America employee transferred $29 million to BEC scammers who were purporting to be a Nikkei executive.
The first attacks that exploit the zero-day Windows vulnerability install cryptominers and scan for targets rather than a worm with WannaCry potential.
Researchers warn XLM macros embedded in SYLK files can sidestep Microsoft Office for Mac protections.
A simple attack on an unpatched server could have been catastrophic for the Utah-based utility.
Threatpost editors discuss this week’s biggest news – from a data breach of Bed Bath & Beyond, a tricky phishing attack and widespread APT activity.
An elaborate fraudster ring stole PII then allegedly used DoD and VA benefits portals to steal payments and funds from bank accounts.
QNAP Systems says there is no known way to remove the Qsnatch malware infecting its NAS devices besides a full factory reset.
Google warns of exploits in the wild against a use-after-free vulnerability in Chrome’s audio component.
The Ai.type app was removed from Google Play in June 2019 – but still remains on millions of Android devices and is still available from other Android marketplaces, researchers warn.
Researchers believe the threat group is based in China.
Chinese state-sponsored hackers are attacking telecom networks to sniff out SMS messages that contain keywords revolving around political dissidents.
While it remains difficult to attack critical infrastructure successfully, adversaries aim to use past experience to launch more destructive future attacks, according to analysis.
Executives at high-profile companies are being targeted by a fake voicemail campaign hunting for Office 365 credentials.
Servers hosting Valve Source Engine and popular games like Fortnite are targeted by a new variant of the Gafgyt botnet.
The company received $3.6 million in cyber insurance – out of $71 million incurred in damages after a massive March cyberattack.
John Scott-Railton with Citizen Lab, who helped WhatsApp investigate the NSO Group over the alleged WhatsApp hack, said the subsequent lawsuit is a “certified big deal.”
Of the 200 schools in the report, the University of Pittsburgh and Georgetown University received top marks, with their DMARC policy set to “reject.”
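The “reject” policy in the item above is the strongest DMARC setting, but a record can still be weaker than it looks (a monitor-only subdomain policy via sp=, or a pct= below 100). The following is an added example, not code from the original page or from the report it describes: it parses a DMARC TXT record and grades it the way that kind of assessment would. The record strings are constructed for the example.

```python
"""Parse DMARC TXT records and grade how much of the domain they actually enforce.

Added example, not code from the original page. Sample records are constructed.
"""

# Strictness ranking per RFC 7489: none < quarantine < reject.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ('tag=value; tag=value') into a dict.

    Raises ValueError when the record is not a DMARC record or lacks the
    mandatory p= tag, which is what a resolver would treat as 'no policy'.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if "p" not in tags:
        raise ValueError("DMARC record missing required p= tag")
    return tags


def effective_policy(tags: dict, subdomain: bool = False) -> str:
    """Policy applied to mail from the organizational domain, or from a subdomain.

    sp= overrides p= for subdomains; when absent, subdomains inherit p=.
    """
    policy = tags["p"].lower()
    if subdomain and "sp" in tags:
        policy = tags["sp"].lower()
    if policy not in POLICY_RANK:
        raise ValueError(f"unknown policy {policy!r}")
    return policy


def grade(txt: str) -> dict:
    """Summarise a record as org/subdomain policy, pct and a one-word verdict.

    'enforcing' requires reject for both the domain and its subdomains at pct=100;
    p=none is 'monitor-only'; anything in between is 'partial'.
    """
    tags = parse_dmarc(txt)
    pct = int(tags.get("pct", "100"))
    org = effective_policy(tags)
    sub = effective_policy(tags, subdomain=True)
    if org == "reject" and sub == "reject" and pct == 100:
        verdict = "enforcing"
    elif org == "none":
        verdict = "monitor-only"
    else:
        verdict = "partial"
    return {"p": org, "sp": sub, "pct": pct, "verdict": verdict}


# Constructed sample records (hypothetical domains, not real DNS data).
SAMPLES = {
    "reject":           "v=DMARC1; p=reject; rua=mailto:dmarc@example.edu",
    "reject_sub_gap":   "v=DMARC1; p=reject; sp=none; pct=100",
    "monitor":          "v=DMARC1; p=none; rua=mailto:dmarc@example.edu",
    "quarantine_half":  "v=DMARC1; p=quarantine; pct=50",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(f"{name:16} {grade(record)}")
```

Run against real domains, replace the constructed records with the TXT answer for `_dmarc.<domain>`; the grading logic is unchanged.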
The housewares giant disclosed a breach with few details, but security researchers have some theories.
MDR providers can provide a first-of-its-kind solution: Protection across the endpoints, user accounts and the network itself, in one solution.
The source of infection behind an increasingly precarious mobile malware is causing researchers to scratch their heads.
A Shadow Kill Hackers attack that compromised the city’s network and shut down key services was the second ransom-related attack on the city in months.
The proposal would require biometrics systems to verify age before allowing visits to adult sites.
In a new lawsuit, WhatsApp owner Facebook says that NSO Group was behind the WhatsApp zero-day exploits earlier in 2019.
1.3 million stolen cards, mostly from India, could fetch $130 million for the cybercrooks.
A new version of the typically platform-agnostic Adwind trojan has been spotted targeting Windows applications and systems and Chromium-based browsers.
The APT is once again targeting the sports world, Microsoft warns.
The attack on local web-hosting provider Pro-Service – likely politically motivated – took out 2,000 websites and the national television station.
Overall, across all retail programs, more than 18 percent of all bug bounty submissions are critical in severity, a new Bugcrowd report found.
UniCredit was also hit with hacking incidents in September-October 2016 and June-July 2017.
White-hat hackers will now have the chance to win $20,000 for sniffing out remote code-execution flaws in industrial control systems.
CVE-2019-11043 is trivial to exploit — and a proof of concept is available.
A Magecart skimmer, discovered on the site of First Aid Beauty, was only just removed after being in place for five months.
Attacks are targeting international companies in the financial sector, demanding that victims pay ransom in Bitcoin.
Senators penned a letter to the FTC urging it to investigate whether Amazon is to blame for the massive Capital One data breach disclosed earlier this year.
A smart mobile-first phishing effort uses valid certificates to sign fake Office 365 pages, and logs keystrokes in real time.
From hacking hotel room robots to crackdowns on stalkerware apps, Threatpost editors break down this week’s top news stories.
Targeted ransomware, mobile malware and other attacks will surge, while companies will adopt AI, better cloud security and cyber insurance to help defend and protect against them.
An open cloud database sets the stage for phishing attacks for users of the subscription service.
Potential follow-on attacks on religious organizations could include credit-card theft via spearphishing, fraud and network intrusion.
A new information stealer is gaining rapid popularity with the cybercriminal community – leading to it infecting hundreds of millions of victims.
Scammers are targeting those hoping for #CashAppFriday “blessings.”
Samsung is reportedly rolling out fixes for a glitch that allowed anyone to dupe its Galaxy S10 fingerprint authentication sensor.
Consumers don’t vet apps well enough to mitigate mobile threat risk, according to the latest mobile-threat report from RiskIQ.
Researchers have uncovered malware in 17 iOS apps that were removed from Apple’s official App Store.
An unsecured NFC tag opens a door to trivial exploitation of robots inside Japanese hotels.
Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystroke injection attacks.
With DoubleClick, Analytics and AdWords under its belt, Google continues dominating when it comes to global data collection for advertising, a new report found.
Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 in particular affect medium and large government entities and enterprises.
A fresh look at the penetration testing tool Metasploit reveals the 15-year old hacking tool still has some tricks up its sleeves, even against modern defenses.
The FTC has banned the sale of three apps – marketed to monitor children and employees – unless the developers can prove that the apps will be used for legitimate purposes.
The Qode Instagram Widget and Qode Twitter Feed both have bugs that could allow redirects to malicious sites.
Karsten Nohl, who was behind this week’s research that outlined new eavesdropping hacks for Alexa and Google Home, says that privacy for smart home assistants still has a ways to go.
The Magecart splinter group known for supply-chain attacks appears to be tied to advanced threat actors.
A survey of nearly 300 Black Hat conference attendees this year showed strong agreement that service accounts are an attractive target.
By monitoring their environment, companies can be ready to take action if any weakness – usually a software vulnerability – is found.
A report by HP found that most people admit to looking at others’ computer screens and documents in the workplace while still keeping their own privacy top of mind.
A host of new features have been added to the malware.
The travel reservation data, along with personal details, of hundreds of thousands was discovered in a database exposed online for all to see.
The Russian-speaking APT stole the Neuron and Nautilus implants and accessed the Iranian APT’s C2 infrastructure.
Avast said it believes that threat actors are again looking to target CCleaner in a supply chain attack.
Developer interfaces were used by Security Research Labs researchers to turn digital home assistants into ‘Smart Spies’.
Researchers can earn up to $15,000, depending on the severity of the bug found.
The bill is a direct shot at big tech companies like Facebook as senators try to reel in data-collection policies.
A cryptomining infection spread to half of the workstations at a major international airport.
A patch is currently under revision but has not yet been incorporated into the Linux kernel.
At what point will infiltrating companies via the “insider threat model” become less costly and difficult than using malware? Threatpost discusses with a SolarWinds expert.
Lawyers will get $1.6 million in a settlement that stems from a breach that affected more than 24 million customers.
A decade-old botnet is using infected computers to send out sextortion emails, in a wide-scale campaign with the potential to reach millions of victims.
The theft of 26 million card records from an underground site offers valuable intel for banks.
A misconfigured website development tool exposed hundreds of email servers to takeover, including President Donald Trump’s official campaign website.
Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.
The flaws in the container technology, CVE-2019-16276 and CVE-2019-11253, are simple to exploit.
Here are things you can do right now to shore up your defenses and help your recovery when you get hit.
Silent Librarian cyberattackers are switching up tactics in a phishing scheme bent on stealing student credentials.
Two different payloads are hiding in audio files, each paired with one of three loaders.
A worm with a randomized propagation method is spreading via the popular container technology.
Threatpost talks to Digital Guardian’s Tim Bandos about the top insider threats that enterprises are facing today.
For many security decision-makers, the real challenge is communicating the ongoing IR process to their management.
A report reveals data, services and toolkits available for cybercriminals are becoming more expensive and sophisticated.
A U.K. woman alleged that her husband was able to bypass her Samsung Galaxy S10 smartphone’s fingerprint reader when the phone was encased by a third-party screen protector.
Researchers create digital dossiers of mobile users scraped from Tor network traffic.
Unknown, vulnerable systems are present in nearly every ship environment that researchers have pen-tested.
A fake website purports to enable iPhone users to download an iOS jailbreak – but ultimately prompts them to download a gaming app and conducts click fraud.
The bug allows users to bypass privilege restrictions to execute commands as root.
The attack left customers unable to access key services for shipping and mailing, the company said.
Deepfake technology is becoming easier to create – and that’s opening the door for a new wave of malicious threats, from revenge porn to social-media misinformation.
The company acknowledged it’s using ‘safe browsing’ technology from Tencent, which has ties to the Chinese government.
Without naming Huawei, the EU warns on state-backed 5G suppliers.
Hackers were able to steal an AWS administrative API key housed in a compute instance left exposed to the public internet.
A new dropper and payload show that Fin7 isn’t going anywhere despite a crackdown on the infamous group by law enforcement in 2018.
A campaign first observed last year has ramped up its attack methods and appears to be linked to activity targeting President Trump’s 2020 re-election campaign.
A hacker is selling the email addresses of 250,000 users of a Dutch sex-work forum — data that researchers say could be used for blackmail.
An alleged fraudster built a vast web of AWS cloud accounts, becoming the platform’s biggest consumer of data resources.
The Attor malware targets government and diplomatic victims with unusual tactics.
Apple has been called out by Chinese state-run media as protecting “rioters,” while Blizzard bans a Hearthstone player for supporting Hong Kong.
Attackers exploit an “unquoted path” flaw in the Bonjour updater in iTunes for Windows to deliver ransomware attacks.
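An “unquoted path” flaw works because Windows, given a service command line with spaces and no quotes, tries each space-delimited prefix as an executable before reaching the intended binary. The following is an added example, not code from the original page and not the Bonjour updater’s own code: it enumerates the candidate paths for a service ImagePath and reports which of them an attacker could plant given a constructed set of writable directories. The service path and the writable-directory set are hypothetical; on a real host the writability check would come from the directory ACLs (for example via icacls), not from a hard-coded set.

```python
"""Find hijackable candidates for an unquoted Windows service path.

Added example, not code from the original page. The ImagePath and the set of
writable directories below are constructed; on a real host read them from the
service registry keys and the directory ACLs.
"""
import ntpath


def split_command_line(image_path: str):
    """Split a service ImagePath into (executable path, was_quoted).

    A quoted ImagePath names the executable unambiguously. For an unquoted
    one, the executable is taken to end at the first token ending in '.exe';
    any remaining tokens are service arguments.
    """
    line = image_path.strip()
    if line.startswith('"'):
        end = line.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in ImagePath")
        return line[1:end], True
    tokens = line.split(" ")
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1]), False
    return line, False


def candidate_paths(exe_path: str) -> list:
    """Executables Windows would try, in order, for an unquoted path with spaces.

    Each prefix ending just before a space is tried first; '.exe' is appended
    when the prefix has no extension. The last candidate is the real binary.
    """
    tokens = exe_path.split(" ")
    candidates = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if not prefix.lower().endswith(".exe"):
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def _norm_dir(path: str) -> str:
    return ntpath.dirname(path).lower().rstrip("\\")


def hijack_targets(image_path: str, writable_dirs) -> list:
    """Return the candidate paths an attacker could plant to hijack the service.

    Returns [] when the path is quoted or contains no spaces (nothing to hijack),
    otherwise the earlier-tried candidates whose directory is in writable_dirs.
    """
    exe, quoted = split_command_line(image_path)
    if quoted or " " not in exe:
        return []
    writable = {d.lower().rstrip("\\") for d in writable_dirs}
    return [c for c in candidate_paths(exe)[:-1] if _norm_dir(c) in writable]


# Constructed sample: a hypothetical vendor service installed without quotes.
SAMPLE_IMAGE_PATH = r"C:\Program Files\Acme Tools\Acme Updater\updater.exe -svc"
SAMPLE_QUOTED = r'"C:\Program Files\Acme Tools\Acme Updater\updater.exe" -svc'
# Constructed: only the vendor's own top-level folder is writable by users.
WRITABLE_DIRS = {r"C:\Program Files\Acme Tools"}

if __name__ == "__main__":
    exe, _ = split_command_line(SAMPLE_IMAGE_PATH)
    for c in candidate_paths(exe):
        print("tries:", c)
    print("hijackable:", hijack_targets(SAMPLE_IMAGE_PATH, WRITABLE_DIRS))
```

The fix on the defender’s side is the quoted form: `hijack_targets` returns nothing for it, because Windows then tries only the quoted path.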
Have a laugh at the dynamics of the CISO and vendor relationship as a series of humorous videos explore the challenges.
The vulnerability stems from an issue with DLL loading in Open Source Hardware, used by tens of millions of computers, researchers say.
The Intel NUC and Nvidia Shield both are vulnerable to high-severity flaws, Intel and Nvidia warned in dual advisories.
Study participants fail to correctly identify core security concepts and tools to help them stay safe online.
Increasing concerns over unauthorized surveillance, integration with facial recognition and more are plaguing the doorbell-video camera company.
In this sponsored podcast, Threatpost talks to Spycloud’s Chip Witt about the account takeover risks posed by third parties.
Data collected for two-factor authentication purposes “inadvertently” matched users to targeted-advertising lists, the company admits.
Microsoft has released fixes for nine critical and 49 important vulnerabilities as part of Patch Tuesday.
Apple released fixes for Catalina and patches for iCloud and iTunes for Windows software.
A new campaign is evading secure email gateways that rely on identifying word patterns in order to filter out spam.
Google’s October security update fixed several critical and high-severity vulnerabilities.
U.S. and U.K. agencies warn consumers to update VPN technologies from Fortinet, Pulse Secure and Palo Alto Networks.
A pair of laws provides recourse for victims of deepfake technology.
Millions of iOS users could be vulnerable to man-in-the-middle attacks that trace back to flawed Twitter code used in popular iPhone apps.
CVE-2019-16920 allows remote unauthenticated attackers to execute code on a target device.
A trio of Alabama hospitals have decided to pay for a decryption key.
A group called Phosphorus has been trying to access Microsoft-based email accounts of people associated with the campaign.
Flaw impacts 18 Android models including Google’s flagship Pixel handset as well as phones made by Samsung, Huawei and Xiaomi.
An attacker whose motives are unclear compromised an Asterisk server in a highly targeted campaign.
Officials say they are concerned about their ability to fight crime and protect citizens, while privacy advocates remain critical of government interference.
There are dozens of known groups, hundreds of C2 servers and millions of victim websites.
Dubbed Reductor, this malware can manipulate HTTPS traffic by tweaking a browser’s random number generator.
Eight high-severity vulnerabilities exist in the Foxit Reader tool for editing PDF files.
A double-free bug could allow an attacker to achieve remote code execution; users are encouraged to update to a patched version of the messaging app.
Zendesk says access occurred in 2016 and that only a small percentage of customers were impacted.
Cybergang Silent Starling is taking BEC to the next level by targeting suppliers and going after their customers.
Bad OpSec led to the botnet’s discovery — revealing 800,000 victims in Russia.
Multiyear campaigns stretching back to at least 2014 have been seen using zero-days in region-specific software.
Google’s new password checkup tool joins other similar services including Have I Been Pwned and Mozilla’s Firefox Monitor.
PDFex can bypass encryption and password protection in most PDF readers and online validation services.
Ransomware attacks have crippled hospitals worldwide, forcing them to turn away patients and cancel surgeries.
Malware-laced OpenDocument files target Microsoft Office, OpenOffice and LibreOffice users.
A total of 172 malicious apps were detected on Google Play in September, with more than 330 million installations.
The eGobbler threat actor is back with a new malvertising campaign that has hijacked more than 1 billion sessions.
Flaw in National Security Agency’s Ghidra reverse-engineering tools allows hackers to execute code in vulnerable systems.
New legislation has been approved by the U.S. Senate aimed at protecting local cities and schools from ransomware attacks.
A fix has been issued for a critical Exim flaw that could lead to servers crashing or remote code execution attacks being launched.
A new BootROM exploit – which is unpatchable – potentially opens the door to jailbreaks, a researcher said.
The malware harvests data, steals cryptocurrency and drops additional malware, while masquerading as a Fortnite aimbot and more.
Lawsuit alleges Dunkin’ Donuts failed to act fast enough to notify and protect customers and is in violation of New York State data breach notification laws.
This data-harvesting tool is perfect for the deep well of low-skilled adversaries looking to make their cybercrime mark.
In total, Microsoft has now blocked 142 file extensions that it deems as at risk or that are typically sent as malicious attachments in emails.
The malware landscape continues to evolve with the re-emergence of the GandCrab operators and a continued spearphishing attack spreading the LookBack RAT.
Fileless threat leverages widely used Node.js framework and WinDivert packet-capture utility to turn infected machines into proxies for malicious behavior.
Accessed information includes delivery addresses, license numbers, names, phone numbers and more.
After someone dropped a zero-day exploit on Securelist this week, the platform rushed out a fix — time to apply it.
Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar YouTube video (transcript included).
One Cisco bug impacting its 800 and 1000 series routers had a CVSS severity score of 9.9.
Percentage-based URL encoding plus Google domain trickery is helping malicious emails to evade filters.
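The two tricks in that item defeat a filter that string-matches raw links: percent-encoding hides the bad hostname from a substring check, and wrapping the destination in a trusted redirector (google.com/url?q=...) puts a reputable domain in front of it. The following is an added example, not code from the original page or from any named email gateway: a naive substring blocklist beside a canonicalising check that fully percent-decodes the link, unwraps the redirector, and matches on the final hostname. The sample URLs and the blocklisted domain are constructed for the example.

```python
"""Canonicalise a URL before matching it, so encoding and redirector tricks fail.

Added example, not code from the original page. Sample URLs are constructed;
'evil-login.example' is a hypothetical phishing host.
"""
from urllib.parse import parse_qs, unquote, urlsplit

# Known open-redirect style endpoints: host -> (path, query param carrying the target).
# Constructed for the example; extend with the redirectors seen in your own mail flow.
REDIRECTORS = {
    "www.google.com": ("/url", "q"),
    "google.com": ("/url", "q"),
}


def percent_decode_fully(s: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing (catches double encoding).

    Bounded so a pathological input cannot keep the filter busy.
    """
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            return s
        s = decoded
    return s


def unwrap_redirect(url: str) -> str:
    """If the URL is a known redirector, return the wrapped destination, else the URL."""
    parts = urlsplit(url)
    rule = REDIRECTORS.get((parts.hostname or "").lower())
    if rule and parts.path == rule[0]:
        target = parse_qs(parts.query).get(rule[1])
        if target:
            return target[0]
    return url


def canonical_url(url: str, max_hops: int = 3) -> str:
    """Decode and unwrap repeatedly until a fixed point (or the hop limit)."""
    current = url
    for _ in range(max_hops):
        nxt = unwrap_redirect(percent_decode_fully(current))
        if nxt == current:
            break
        current = nxt
    return current


def naive_match(url: str, blocklist) -> bool:
    """The weak check: substring match on the raw link text."""
    return any(bad in url.lower() for bad in blocklist)


def is_blocked(url: str, blocklist) -> bool:
    """The hardened check: match the final hostname (or a subdomain of it)."""
    host = (urlsplit(canonical_url(url)).hostname or "").lower()
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)


BLOCKLIST = {"evil-login.example"}
# Constructed: encoded destination hidden behind a google.com redirect.
LURE = "https://www.google.com/url?q=https%3A%2F%2Fevil%2Dlogin.example%2Fo365"
# Constructed: the same lure, percent-encoded twice.
LURE_DOUBLE = "https://www.google.com/url?q=https%253A%252F%252Fevil%252Dlogin.example%252Fo365"
BENIGN = "https://www.google.com/search?q=dmarc"

if __name__ == "__main__":
    for u in (LURE, LURE_DOUBLE, BENIGN):
        print(naive_match(u, BLOCKLIST), is_blocked(u, BLOCKLIST), canonical_url(u))
```

Matching on the hostname of the canonical URL rather than on the raw text is the point: the filter then sees what the browser will eventually load, not what the attacker chose to show it.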
Vimeo is under fire for allegedly collecting and storing users’ facial biometrics in videos and photos without their consent or knowledge.
Despite CISOs’ apprehension about increasing dependence on SaaS applications and the security risks the cloud represents, adoption isn’t slowing down.
How to determine — and communicate — the value of Threat Intelligence Gateways (TIGs) in your enterprise.
Users scrambled to find a fix for the problem and eventually Google took responsibility for the issue.
Magecart Group 5 has been spotted testing and preparing code to be injected onto commercial routers – potentially opening up guests connecting to Wi-Fi networks to payment data theft.
An active APT campaign aimed at tech companies is underway, which also uses a legitimate NVIDIA graphics function.
The issue in the Rich Reviews plugin is being actively exploited.
A known threat actor, Tortoiseshell, is targeting U.S. military veterans with a fake veteran hiring website that hosts malware.
EDR is still recognized as quite efficient against many of the advanced threats security professionals encounter, but today’s threatscape demands Next-Gen EDR solutions.
Vulnerability in iOS 13 and iPadOS affects keyboards installed for iPhone, iPad, or iPod touch.
Despite claiming they were retiring, GandCrab’s authors have been linked to the REvil/Sodinokibi ransomware via a technical analysis.
Overall, Adobe released three patches – one for an “important” flaw and two for critical flaws – in the 2016 and 2018 versions of ColdFusion.
Seen this month attacking victims in India, the Dtrack malware is bent on financial gain and high-end spying.
Researchers warn that the Russia-linked APT has freshened up their tools with an improved downloader and more.
‘AdBlock’ and ‘uBlock’ impersonate legitimate extensions but instead engage in cookie stuffing to defraud affiliate marketing programs, a researcher has found.
Microsoft has issued a patch for an Internet Explorer remote code execution flaw that is being actively exploited in the wild.
A spearphishing campaign first uncovered in July is hitting more utilities firms and spreading the LookBack malware, which has capabilities to view system data and reboot machines.
Google is tightening its privacy controls over its Google Assistant voice assistant after a report earlier this year found that it was eavesdropping on user conversations.
A Change.org petition is demanding stronger accountability for Equifax in the 2017 leak that affected 150 million customers.
Facebook said it has suspended and banned tens of thousands of apps on its platform after its investigation, launched after Cambridge Analytica, into how they collect and use data.
Forcepoint has fixed a privilege escalation vulnerability in its VPN Client for Windows.
Threatpost editors discuss the return of Emotet, a new lawsuit against Edward Snowden and more.
A database lacking password protection exposed sensitive data of customers of Milwaukee-based mattress company Verlo Mattress.
Eight cities have been hit by a data breach targeting payment cards.
Microsoft broke its built-in antivirus utility, thanks to a patch for a different issue.
An on-premises hacker can cripple even the best cybersecurity defenses.
Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.
Marc Rogers discusses the logistics behind a recently-proposed anonymous bug submission program, meant to encourage ethical hackers to submit high-level bugs anonymously.
The fake emails direct victims to log into a bogus IRS site.
The idea that humans are the weakest link shouldn’t guide the thinking on social-engineering defense.
The ever-changing malware is jumping in the middle of people’s existing email conversations to spread itself without suspicion.
The U.S. is attempting to seize any assets related to Edward Snowden’s new memoir, Permanent Record.
Cynet’s new RFP templates clearly lay out the requirements for securing potential APT vectors.
The attack — the 4th-largest the company has ever encountered — leveraged WS-Discovery, which is found “everywhere.”
The malware landscape is constantly changing; including a rise in a new malware called LookBack, as well as anticipation over the return of the Emotet and Retefe malware families.
Though harboring unsophisticated payloads, the Panda threat group has updated its tactics – from targets to infrastructure – and successfully mined hundreds of thousands of dollars using cryptomining malware.
Bug impacts VMware Workstation 15 running 64-bit versions of Windows 10 as the guest VM.
A configuration setting in Google Calendars does not sufficiently warn users that it makes their calendars public to all, a researcher argues.
The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords.
Julian Assange is among those impacted.
Independent researchers found 125 different CVEs across 13 different router and NAS models.
Three North Korean threat groups have been sanctioned in the U.S. as part of a larger U.S. initiative against North Korea-linked malicious cyber activity.
ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market.
Sites that use Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.
Apple will not fix the glitch until the release of iOS 13.1 later in September.
At every turn, the info-stealer uses legitimate services to get around normal email, endpoint and network defenses.
Researchers warn that U.S. firms are being targeted with legitimate – but trojanized – documents that are often socially engineered to a tee.
Threatpost editors Tara Seals and Lindsey O’Donnell talk about the top news stories of the week – from leaky databases to SIM card attacks.
New tactics aimed at business executives and users are being used to reap greater reward from email-based fraud, which continues to rise, researchers said.
Cobalt Dickens (a.k.a. Silent Librarian) is now actively targeting 380 universities, bent on stealing credentials and moving deeper into school networks.
The historic measure, which still needs to be signed into law, would prohibit biometric surveillance, including in bodycams.
More than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors, researchers warn.
The organization accidentally sent the names, email addresses, gender and professional information of users of its portal Agora in an email sent in August.
Telemetry for the first half of the year shows that Apple’s ecosystem is firmly in cybercriminals’ sights.
An exposed database containing 17 million email addresses exposed a massive fraud scheme impacting vendors like Groupon and Ticketmaster.
An ElasticSearch DB belonging to Dealer Leads exposed a raft of information collected by “research” websites aimed at prospective car buyers.
A new attack on Intel server-grade CPUs could allow the leakage of SSH passwords – but luckily it’s not easy to exploit.
The Cynet Dashboard provides 24/7 visibility into an organization’s security, with real-time alerts and the ability to react as things happen.
Proofpoint’s senior director of the threat research team discusses the strange levels that attackers are going to in order to persuade victims to click on phishing messages.
A coordinated effort between multiple agencies arrested suspects in Nigeria, the U.S. and eight other countries as well as seized nearly $3.7 million.
Simply implementing best practices is not enough to address the risk coming from your own employees.
September Patch Tuesday leads off with two elevation-of-privilege bugs that have been exploited in the wild.
Cybercrooks are using bots to create synthetic digital identities, to carry out various types of fraud.
Overall Adobe’s September security update addressed vulnerabilities in Flash Player and Application Manager.
A large U.S. manufacturing company is the latest organization to be targeted with the LokiBot trojan – although this most recent campaign harbored some bizarre red flags.
Flaws can potentially affect every device and user on the network by directing them to malicious websites or blocking their access to important data or resources.
Porn-recording feature will likely be used for extortion.
Cyberespionage attackers have ditched their PowerShell backdoor in favor of the Windows BITS ‘notification’ feature.
Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.
Wikipedia and World of Warcraft Classic users reported global outages over the weekend in targeted – and connected – DDoS attacks.
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.
Apple said Google’s recent analysis of vulnerabilities found in January in iOS painted a misleading picture of the scope of the attacks and the risk involved.
A survey by Pew Research Center finds that Americans support use of facial recognition by law enforcement, but not by tech or advertising companies.
Large portions of APT3’s remote code-execution package were likely reverse-engineered from prior attack artifacts.
Students should keep their eyes peeled for phishing emails purporting to be from their colleges, as well as online student resources laced with malware, researchers warn.
From deepfake to data exposures, the Threatpost team talks about the top security trends driving this week’s biggest news stories.
Deepfake Detection Challenge aims to spur creation of technology to combat AI used for creating altered videos that intentionally mislead viewers.
Google has kicked 24 apps off of its official Android app marketplace after spyware was discovered in them.
The spyware poses as a legitimate application, spreading via SMS messages to victims’ contact lists.
After being hit by a ransomware attack, Massachusetts city New Bedford faced a payout demand of more than $5 million – one of the largest known ransoms ever.
Server lacked password protection and included multiple databases with records from the U.S., U.K. and Vietnam.
The zero-day vulnerability could enable privilege escalation, and is not part of Google’s Android September security update.
The AK-EM 800 software from Danfoss centralizes alarm management, automatic data collection and food-quality reporting.
The RAT targets users via fake WhatsApp updates in Google Play.
Researchers say an attacker could send a rogue over-the-air provisioning message to susceptible phones and route all internet traffic through a hacker-controlled proxy.
Cybercrooks successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive’s voice, according to a report.
Exploit broker Zerodium has implemented a $2.5 million price tag for a zero-click 0-day in Android.
Cynet is now providing its IR services at no cost, which will enable MSPs and SIs to include IR in their portfolio of security services.
Facebook will allow users to “opt out” of its face recognition feature.
Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar replay.
Mozilla’s newest Firefox iteration also offers new fixes for critical and high-severity vulnerabilities.
As the number of vulnerabilities hits a historic high, battle-worn security teams are upping their patching game.
An ongoing attack on websites has added new exploits and an administrative backdoor to its bag of tricks.
International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers.
Trivial-to-exploit authentication flaws can give an unsophisticated remote attacker ‘omnipotent’ control over a server and its contents.
Implementing game mechanics and competition into the mix can incentivize employees to improve their cybersecurity posture.
A new, highly capable spyware payload can monitor everything in a person’s digital life.
Up to 25 percent of valid vulnerabilities found in bug bounty programs are classified as being of high or critical severity.
From new ransomware attacks to privacy issues around Venmo and Ring, Threatpost editors break down the top news of this week.
TGI Fridays Australia restaurant chain warns loyalty reward program members of an exposed-data incident.
The group is using the More_eggs JScript backdoor to anchor its attack.
Google is looking to battle the malicious apps – and apps abusing user data – on Google Play by improving its bug-bounty program arsenal.
In an open letter, the Mozilla Foundation and EFF scolded Venmo for its data privacy policies, which they say could open the door to stalking and spear-phishing.
CVE-2019-12643 has been given the highest possible severity rating.
How criminals have adapted to develop the next generation of dark markets and operations.
Multiple actors in multiple campaigns are using the web shell for remote access, even though it’s almost a decade old and hasn’t been updated.
TrickBot malware targets users of U.S. mobile carriers Verizon, T-Mobile and Sprint via web injects to steal their PIN codes, enabling SIM-swapping attacks.
Apple’s “grading” process, which listens to Siri voice recordings, will now be in-house and has an option for users to opt out.
The bug could enable remote code-execution, information-siphoning or denial-of-service attacks.
An analysis of threat techniques used by Silence Group, Goblin Panda and Zegost, which can help construct effective defenses.
Law enforcement takedown causes Retadup malware to eat itself.
The affected sites, mainly motorsports and luxury apparel stores, were all running outdated versions of the Magento eCommerce platform.
A round of phishing emails purports to be from job seekers – but actually uses a slew of detection evasion tactics to download malware on victim systems.
Seemingly handy PDF and OCR app turns out to be a privacy horror show.
The issue impacts users of the vendor’s Cloud WAF product.
A new threat group has been discovered targeting Middle Eastern critical infrastructure firms with spearphishing emails laced with malware.
Apple has released an emergency patch in iOS 12.4.1 that addresses a vulnerability that opened iPhones to jailbreaks.
The emails are well-crafted and extremely convincing.
Fraudsters are using social media to spam, steal information, spread propaganda and execute social-engineering campaigns.
Hostinger said that unauthorized access to an internal API server exposed hashed passwords of 14 million customers.
Researchers warn users of several plugins to update as vulnerabilities are being actively exploited to redirect website visitor traffic.
From a backdoor placed in the Webmin utility to vulnerability disclosure drama around zero-days in Valve’s Steam gaming clients, Threatpost breaks down this week’s top stories.
Security researchers at Pen Test Partners have found a privilege escalation flaw in the much-maligned Lenovo Solution Center software.
Google introduced a new initiative that it hopes will fight shady online advertising practices such as digital fingerprinting.
Willie Sutton and mobile attackers have much in common — but defenses have evolved since the famous bank robber had his heyday.
The app purported to stream music – but actually siphoned victims’ device contacts and files.
After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.
Security researchers worry that this weekend’s coordinated attacks on more than 20 Texas governments mark a change in how ransomware attacks will be launched in the future.
Six bugs found in Cisco’s Unified Computing System gear and its 220 Series Smart switches can allow unauthenticated remote hackers to take over equipment.
Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
The personal email addresses – some indicating user names or government official status – of more than a million pornography website users were exposed.
Microsoft released the beta of its new Chromium-based Edge – and it is offering rewards of up to $30,000 for researchers to hunt out vulnerabilities in the browser.
Attackers are taking aim at Fortnite’s global community of 250 million gamers.
With cloud misconfigurations rampant in cloud storage and IaaS environments, adding security layers to identify them is crucial for securing sensitive data.
Apple accidentally re-introduced a vulnerability in its latest operating system, iOS 12.4, that had been previously fixed in iOS 12.3.
A phishing campaign targeting utility grid operators uses a PDF attachment to deliver spyware.
VideoLAN has released an updated version of its VLC Player to fix over a dozen bugs.
The phone company has sued the startup for copyright infringement.
A detailed look at underground forums shows that cybercriminals aren’t sure where to look on the heels of the GandCrab ransomware group shutting its doors – and low-level actors are taking advantage of that by developing their own strains.
Eight vulnerabilities would allow a range of attacker activities, including taking the Nest camera offline, sniffing out network information and device hijacking.
Researchers say that the targeted ransomware cyberattack on 23 Texas local and state entities represents a shift from “attacks of opportunity” to more targeted, malicious attacks.
It’s been around forever, but in a modern digital era marked by influence campaigns and deep fakes, information warfare has become much easier to carry out.
The number of exposed records has hit record highs in just the first two quarters.
More than 300,000 users still utilize credentials that have been compromised – with people visiting video streaming and porn sites most at fault, Google found in a new study.
From the biometrics of one million being exposed, to new Microsoft Bluekeep-like threats, Threatpost discusses the top news of the week.
Prevent account takeovers by upping your password game and locking out the bad guys. Here is how.
Eight vulnerabilities were found in the HTTP/2 server implementations of vendors Amazon, Apple, Microsoft and Apache.
The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.
Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.
700,000 customer records were exposed after being housed on a vendor’s server that lacked appropriate security.
Researchers said that clickjacking is a threat that’s evolving, with new tactics just starting to emerge.
A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.
The notebook maker is warning users of three separate vulnerabilities.
A bug in an obscure legacy Windows protocol can lead to serious real-world privilege-escalation attacks.
Overall, Intel stomped out three high-severity vulnerabilities and five medium-severity flaws.
Bug submission program uses the SecureDrop platform to ensure anonymity.
Hundreds of contractors reportedly were hired to transcribe Messenger voice chats in order to test the accuracy of an AI algorithm — raising questions about what Facebook does with the data.
A new XMRig Monero cryptominer stands apart, despite its non-flashy name.
Scammers are profiting from TikTok’s younger audience with adult dating and account impersonation tricks.
The flaws allow remote code-execution without user interaction or authentication, and are highly exploitable.
Patched critical flaws in Adobe’s Photoshop CC photo editing application enable arbitrary code execution.
The mobile banking trojan has a few unusual features and bears watching, researchers said.
A vulnerability in British Airways’ e-ticketing system could enable a bad actor to view passengers’ personal data or change their booking information.
A U.S. senator is giving the four telecommunications companies until Sept. 4 to outline how they plan to better protect customer data privacy.
Grindr, Romeo, Recon and 3fun were found to expose users’ exact locations, just by knowing a user name.
“Never trust, always verify” is a solid security concept — but it’s important to realize that putting it into practice can be complex.
Threatpost breaks down the highs and lows from Black Hat 2019, from new vulnerabilities and industry collaboration to a scandal around a sponsored session.
An elevation-of-privilege bug allows attackers to run any program on a target machine with high privileges.
Session shows how researchers found multiple vulnerabilities in Canon firmware that can be used in a malware attack.
Dozens of insecure drivers from 20 vendors illustrate widespread weaknesses when it comes to kernel protection.
Researchers exploit a SQLite memory corruption issue outside of a browser.
Patrick Wardle proves that signature-based anti-malware protection on Macs is woefully inadequate when fending off modern attacks.
Researchers developed an exploit that allowed them to perform an array of malicious functions against so-called “mobile keys.”
The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few.
Researchers show how they hacked Google Home smart speakers using the Magellan vulnerability.
From insecure voting machines to social media misinformation, governments have a lot to think about when it comes to securing elections.
Apple is opening its once-private bug bounty program to all researchers, as well as boosting vulnerability payouts and expanding the product scope to include MacOS.
The insurance giant serves at least 83 million U.S. households.
Hardware, software, services and people make up supply-chain risk — but the latter should be the guiding focus.
The vulnerability is a decade old with a public exploit, yet remained unpatched in one of the phone giant’s most popular models.
Researchers were able to bypass Apple’s FaceID using a pair of glasses with tape on the lenses.
A pair of reports released at Black Hat mark the huge shift away from targeting consumers.
An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services — a nascent trend meant to throw defenders off.
Attack vectors disclosed last year are still fully exploitable, researchers demoed at Black Hat USA 2019.
A raft of bugs in six popular models can allow a hacker to wreak havoc on a corporate network.
At Black Hat USA 2019, researchers showed how a previously-disclosed flaw on Windows systems that could allow arbitrary code execution could also impact Hyper-V.
Academic researchers carry out attacks on high-end commercial devices as well as narrowband IoT sensors.
From government surveillance to domestic abuse, technology is being used in new and disturbing ways that threaten human rights – how can the security industry fight back?
Dino Dai Zovi, mobile security lead at Square, discusses ongoing transformation in security’s role in the workplace during the keynote.
The adversaries have retooled with EternalBlue and credential theft to add a new “access mining” revenue stream.
Researchers demonstrate a new side-channel attack that bypasses mitigations against Spectre and Meltdown.
In this sponsored podcast, host Cody Hackett talks to SpyCloud’s Chip Witt about the operationalization of data.
A kid’s tablet with security vulnerabilities is only the latest privacy faux pas in a children’s connected device.
Several serious privacy flaws in a kid’s tablet were disclosed this year at Black Hat, which could allow a bad actor to track or send messages to children.
Patient medical history and over 6 million email addresses tied to Democrats were exposed in misconfigured storage buckets over the past few weeks.
A new type of malicious plugin has been spotted in the wild with the capability of targeting individual blog posts.
The sites are targeting job-seekers, movie aficionados and shoppers in hopes of harvesting their personal information.
Flaws in Qualcomm chipset expose millions of Android devices to hacking threat.
Personal data of 2,000 journalists was found publicly accessible on a spreadsheet on the website for popular trade show E3.
After infecting Fiberhome routers, its sole purpose seems to be setting up SOCKS5 proxies.
Microsoft says its Azure Security Lab will allow researchers to attack its cloud environment in a customer-safe way.
Buffer overflows, race conditions, use-after-free and more account for more than half of all vulnerabilities in the Android platform.
Manual steps have been replaced by automation.
Comprehensive testing of 21 free Android antivirus apps revealed big security vulnerabilities and privacy concerns, especially for AEGISLAB, BullGuard, dfndr and VIPRE.
Researchers spotted the never-before-seen LookBack malware being used in spearphishing campaigns against three U.S. utilities.
Vast majority of Apple iOS users haven’t updated to iOS 12.4, leaving themselves wide open to a public exploit.
Apple’s Siri follows Amazon Alexa and Google Home in facing backlash for its data retention policies.
The proxy is being distributed by the RIG and Fallout exploit kits.
Researchers are warning that unpatched flaws found in the Hickory Smart Bluetooth Enabled Deadbolt allow an attacker with access to a victim’s phone to break into their houses.
The complaint claims the networking giant knowingly sold bug-riddled software to federal and state governments, that would allow complete network compromise.
The RIG exploit kit and Safari redirects are both in the adversaries’ bag of tricks.
A researcher said that he found a Honda ElasticSearch database exposing 40GB of internal system and device data.
In addition, Google’s latest Chrome version implements 43 new security fixes.
Anyone can listen to the camera’s audio over the internet.
Threatpost editors discuss the top trends, keynotes and sessions that they look forward to at Black Hat USA and DEF CON 2019.
Hackers with physical access to small aircraft can easily hack the plane’s CAN bus system and take control of key navigation systems.
Remote exploitation can be achieved with no user interaction.
A new strain of ransomware is being distributed to Android users via online forums and SMS messages.
Even though mobile data security is less mature than its desktop equivalent, the quality of the information on offer is top-tier.
More than 100 million customers have had their data compromised by a hacker after a cloud misconfiguration at Capital One.
Standard email authentication to prevent spoofing and phishing remains elusive for most.
During this week’s Threatpost Podcast, editor Lindsey O’Donnell talks to Jacob Serpa with Bitglass about how more enterprises are struggling with a cloud security conundrum when it comes to public cloud vs. on-prem.
Researchers have uncovered easy-to-exploit bugs that can impact physical safety, utilities, healthcare devices and more, setting the stage for widespread worm attacks.
Fears of a WannaCry-level global attack grow as working exploit info starts to go public.
Marcus Hutchins, also known by his online alias MalwareTech, has been spared jail time in his sentencing for the creation of the Kronos malware.
Attacks on at least three school districts and likely others have prompted the state’s first emergency due to cyberattack.
Attackers are hiding PHP scripts in EXIF headers of JPEG images to hack websites, just by uploading an image.
Gamers are easy pickings for credential crooks, thanks to lax security hygiene and poor gaming company practices.
A credit-card skimmer on Magento sites was found loading JavaScript from a legitimate-seeming Google Analytics domain.
Webinar examines challenges in patch management and offers solutions to streamline the process.
Malware infection technique called TxHollower gets updated with stealthy features.
WeTransfer is being used by hackers to circumvent email gateways looking to zap malicious links.
Meanwhile, remediation times are ballooning to a year or more in the case of malicious attacks, according to Ponemon Institute.
Researchers have linked the surveillance tool to a Russian tech firm that has been sanctioned for interfering with the 2016 U.S. presidential election.
In the second of a two-part series discussing recent ransomware attacks against municipalities, Shawn Taylor with Forescout talks about how cities can protect themselves.
Security experts say the attack stemmed from weak cybersecurity controls.
An ongoing malvertising campaign is exploiting WordPress plugin vulnerabilities to redirect website visitors to malicious pages.
Dropper malware is becoming more popular as hackers turn to quieter attack techniques to avoid detection.
A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses.
A patch does not yet exist for a critical buffer overflow vulnerability in VLC Media Player that could enable remote code execution.
The bug was previously unknown but is already fixed in later releases. However, many organizations are likely still vulnerable.
Enterprises should recognize the data security risk that Slack, Teams or TeamViewer could introduce and address it.
The Bulgarian attack impacted almost all tax information for the entire country.
In this week’s Threatpost Podcast, we talk to Tim Mackey with Synopsys about recent Amazon Echo and Google Home privacy faux pas. Will GDPR and other regulations catch up to the voice assistants?
Equifax will dish out as much as $700 million on the heels of its infamous 2017 data breach that impacted 150 million customers.
The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.
Third-party tracking is rampant on sites like Pornhub, with users’ sexual preferences on full view.
Researcher creates ‘Selfblow’ proof-of-concept attack for exploiting a vulnerability that exists in “every single Tegra device released so far”.
Directly linking thoughts to a phone via Bluetooth — what could go wrong?
Mirai activity has nearly doubled between the first quarter of 2018 and the first quarter of 2019.
More victims of a 2015 credential-harvesting incident have come to light.
Google is announcing much higher bug bounty payouts for Chrome, Chrome OS and Google Play.
The cyberspy group’s activities are broader than originally thought.
Two months after the alarm sounded warning of a WannaCry-level event, progress in patching exposed Windows systems varies by country and industry.
Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.
Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector.
A sophisticated and growing malvertising attacker is partnering with legitimate ad tech platforms to drop malware at scale.
The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.
Lenovo patches enterprise and SMB network attached storage devices for a vulnerability that leaked data to the public internet.
With cybersecurity worldwide facing a major applicant shortage, businesses should be courting women and supporting girls.
The issue, present on Android versions, is similar to the known man-in-the-disk attack vector.
Someone AirDropped a picture of a suicide vest to multiple people on a JetBlue flight, prompting an evacuation.
The FTC has levied its biggest fine ever against the social network, but it’s unlikely to have much effect.
A dropper called “Topinambour” is the first-stage implant, which in turn fetches a spy trojan built in several coding languages.
An independent researcher earned a $30,000 bug bounty after discovering a weakness in the mobile recovery process.
In this first part of a two-part series, Shawn Taylor with Forescout talks to Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack.
Most respondents in a recent survey say they’re losing the battle despite having up-to-date protections in place.
Vulnerability experts Michiel Prins and Greg Ose discuss the 15 most common vulnerability types.
Rupert Murdoch’s News Group has agreed to pay damages to Paul McCartney’s ex as part of the massive phone-hacking scandal by UK tabloids.
QNAPCrypt continues to spread via brute-force attacks.
A lack of a Bluetooth Low Energy (BLE) pairing mechanism leaves the smart IoT devices open to malicious manipulation.
Google is under fire after a report found that Google Home and Google Assistant records user audio, even when no wake-up word is used.
The tech giant addressed a widely publicized Zoom bug with an automatic update mechanism usually reserved for removing malware.
Apple has disabled the Walkie Talkie app from its Apple Watch products after a vulnerability was discovered enabling bad actors to eavesdrop on iPhone conversations.
Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.
GE Healthcare said an attacker could modify gas composition parameters within the devices’ respirator function.
After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.
The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.
Researchers say malware infects phones in order to sneak ads on devices for profit.
Intel issued patches for a high-severity flaw in its processor diagnostic tool as well as a fix for a medium-severity vulnerability in its data center SSD lineup.
The software giant also addressed 15 critical flaws and advised on the recently disclosed Linux Kernel “SACK Panic” bug.
Study finds Android apps circumvented privacy opt-in rules and collected sensitive user information against user permission.
The data breach fine against Marriott by the Information Commissioner’s Office comes a day after British Airways was also penalized.
The vulnerability can be exploited on a drive-by basis by a malicious website.
Cynet’s 360 platform is ready out-of-the-box, for fast, easy deployment across all endpoints.
A DNS misconfiguration resulted in an open Jenkins server being available to all.
A zero-trust model is the only way to keep up with today’s digital complexities.
The authors have tweaked a known piece of malware to specifically target Korean TV fans.
Google Project Zero finds Apple iMessage bug that bricks iPhones running older versions of the company’s iOS software.
A proposed $230 million fine on British Airways after a data breach would be the biggest GDPR penalty yet.
How companies can identify their own insecure data, remediate data breaches and proactively secure data against future attacks.
A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.
Two researchers are being singled out in what are called PGP poisoning or flood attacks that render the authentication tool unusable for victims.
Apple report now includes data on requests by governments to take down apps from the tech giant’s app store.
Amazon’s acknowledgment that it saves Alexa voice recordings – even sometimes after consumers manually delete their interaction history – has thrust voice assistant privacy policies into the spotlight once again.
Bugs in Arlo Technologies’ equipment allow a local attacker to take control of Arlo wireless home video security cameras.
IBM has disclosed multiple critical and high-severity flaws across an array of products, the most severe of which exist in its IBM Spectrum Protect tool.
Google fixed several critical and high-severity vulnerabilities in its Android operating system.
A new malware is targeting Macs with new tactics to sniff out antivirus and virtual machines.
An appreciation and respect for sound real-world architecture goes a long way when it comes to architecting resilient systems.
A widespread malware campaign, ongoing since 2014, was using Facebook accounts and posts to spread malware through URL links.
LGBTQ dating app Jack’d has been slapped with a $240,000 fine on the heels of a data breach that leaked personal data and nude photos of its users.
A never-before-seen Dridex variant has been spotted in phishing emails using anti-virus detection evasion tactics.
Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website MedicareSupplement.com.
The FDA sent out an urgent advisory warning of serious flaws in Medtronic’s insulin pumps, which are used by thousands across the U.S.
Twenty years in, enterprise VPNs occupy a uniquely solid position in a changing landscape.
Pentesters say a keyless smart lock made by U-tec, called Ultraloq, is neither ultra nor secure.
Netflix, TD Bank, and Ford were only a few of the companies whose data was exposed by three leaky Amazon S3 buckets owned by Attunity.
Hackers are stealing Instagram credentials through a tricky phishing scam that asks victims to apply for exclusive verified account status.
Researchers have identified a security hole in Microsoft Office’s Excel spreadsheet program that allows an attacker to trigger a malware attack on remote systems.
A 14-year-old hacker bricked at least 4,000 Internet of Things devices with a new strain of malware called Silex this week. Threatpost talks to the researcher who discovered the malware.
Google finalizes its DNS-over-HTTPS service.
Cisco has patched two critical vulnerabilities in its Data Center Network Manager software, which could allow a remote attacker to take over affected devices.
After a March report exposed Iran-linked APT33’s infrastructure and operations, the cyberespionage group has adopted new tactics and techniques.
A bug in the Electronic Arts gaming platform’s single sign-on mechanism could have allowed hackers to access game accounts.
After being hit by a ransomware attack, the second Florida city this month has opted to pay hackers their requested ransom.
Web analytics firm plugs a hole in its platform that allowed attackers to open a reverse shell that could be used to attack the service.
Researchers have found samples of malware that targets a recently-disclosed, unpatched MacOS vulnerability.
A new malicious campaign is spreading LokiBot and NanoCore trojans under the guise of an ISO file claiming to be an invoice.
An attempt by Facebook to block a lawsuit, regarding a massive 2018 data breach, has been shot down.
The Department of Homeland Security is warning that U.S. agencies are being targeted by Iranian-backed cyberattacks with destructive wiper malware.
There’s more than one way to get inside a company.
Pink Camera apps secretly signed users up for premium subscription services.
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
The Threatpost team discusses the top news of the week – from a NASA cyberincident to dating app privacy issues.
Mozilla has patched a second actively-exploited vulnerability in Firefox this week.
A component in SupportAssist software pre-installed on Dell PCs – and other OEM devices – opens systems up to DLL hijacking attacks.
Analysts at ProPrivacy say the dating apps collect everything from chat content to financial data on their users — and then they share it.
Riviera Beach, a Florida city, is coughing up $600,000 to hackers after a ransomware attack brought down its computer systems.
A Tiny Core Linux 9.0 image configured to run XMRig runs inside a VM on the victim machine, rather than the miner running natively on the host.
Malware adds ransomware to its malicious bag of tricks.
The update patches a critical flaw (CVE-2019-11707), a type confusion vulnerability in the Mozilla Firefox code that Tor uses.
Cisco has patched a slew of critical and high-severity flaws in its DNA Center and SD-WAN.
Rampant security-operations bungling allowed cyberattackers to infiltrate JPL’s network, which carries human mission data.
Google’s new multi-party computation tool allows companies to work together with confidential data sets.
Oracle is urging users to update after a critical WebLogic Server flaw was found being actively exploited in the wild.
Mozilla released a new update for Firefox after discovering a critical flaw under active attack.
A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security.
Four vulnerabilities could “SACK” connected devices with denial-of-service exploits.
Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem open the door to takeover of admin desktops.
The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.
Researchers at Plugin Vulnerabilities cite a grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook.
The social platform has suspended six sets of accounts across four jurisdictions for running alleged influence campaigns, including Iran.
Students at Oregon State University, Graceland University and Southern Missouri State have all been impacted by email attacks against school employees.
Microsoft is urging users to patch every Exim installation in their organization and make sure that they are updated to the most recent version, Exim version 4.92.
ASCO is the latest headline-making organization to be hit by ransomware, prompting many companies to consider what to do to minimize their risk.
Attackers continue to push the boundaries with modular trojans and ransomware attacks, a new report found.
Threatpost editors Tara Seals and Lindsey O’Donnell discuss a recent lawsuit against Amazon for its privacy policies, a Telegram DDoS attack and more.
XENOTIME, a destructive APT linked to Russia, has broadened its target set beyond Middle East oil and gas.
Two lawsuits are seeking class-action status, alleging that Amazon records children and stores their voiceprints indefinitely.
Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.
Traffic analysis sheds light on weekday habits of attackers such as the most likely day for attacks and how malicious infrastructure is shared.
Evernote’s web clipper extension for Chrome is vulnerable to a critical flaw that could have exposed the data of more than 4.6 million users.
The critical bug in a connected medical device can allow an attacker to remotely manipulate hospital pumps, either to withhold meds or dispense too much.
Durov took to Twitter to hint that Beijing tried to take Telegram offline to disrupt the Hong Kong protests.
A high-severity flaw could give attackers full control of Cisco routers or switches.
215 accounts use the same family of special URL shorteners to track the effectiveness of the operation.
Evite’s data breach, stemming from an “inactive data storage file,” is only one of many breaches to be disclosed this week.
An attacker can use a Rowhammer attack to induce bit flips, thereby leaking the victim’s secret data.
Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware.
A never-before-seen dropper found in FormBook samples has increased persistence and obfuscation capabilities.
The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers.
In total, 88 unique vulnerabilities were patched as part of Microsoft’s June Patch Tuesday security bulletin.
Automatic invite notifications are spreading malicious links.
The two CVEs allow bypasses to get around NTLM relay attack mitigations.
A bug impacting the editors Vim and Neovim could allow trojanized code to escape sandbox mitigations.
Adobe issued patches for 11 vulnerabilities overall across its Flash, ColdFusion and Campaign products.
“Project Svalbard” has commenced, as Hunt looks for the right company to take over the password-focused service.
A recent breach of U.S. Customs and Border Protection traveler photo and license plate data has led experts to condemn the collection and storage of facial recognition data.
A future premium Firefox browser could come with security features like VPN and secure cloud solutions.
A web spam campaign targeting Koreans is affecting non-hacked websites worldwide.
Large-scale existential threats exist everywhere and can annihilate us with only trivial effort. Should we all throw everything we can at them?
The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017.
Popular media player receives 33 security bug fixes, two of which are rated high severity.
Time’s up on public disclosure of six serious bugs impacting the vendor’s IPM-721S model security camera.
A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days — and counting.
SandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.
The Threatpost editors discuss the highlights from Infosecurity Europe, which took place in London this week.
One in four underground merchants offer advanced hacking services, once reserved for APTs and well-funded organized crime gangs.
Poor password hygiene continues to plague the security industry, Troy Hunt said during Infosecurity Europe.
OPKO subsidiary BioReference joins Quest and LabCorp in the supply-chain incident.
Bug allows for a remote attacker to execute arbitrary code on industrial, enterprise tools.
Critical bugs impact a widely deployed streaming platform, common in the U.S. and elsewhere.
Learn how SolarWinds and Access Rights Manager can help improve IT and data security in your environment.
Ken Munro of Pen Test Partners hopes to see regulation for connected-device security in 2020.
The vulnerable kits also offer a point of entry to compromise legitimate website servers.
The mobile ad plugin, found in hundreds of Google Play apps, uses well-honed techniques from malware development to hide itself.
Both Firefox and Chrome have received updates to better guard users against privacy and security threats, such as tracking by Facebook.
A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.
As more data is collected, shared and sold, people are growing increasingly distrustful of technology, an expert said at Infosecurity Europe Wednesday.
Experts at Infosecurity Europe shed light on how IT and operational technology teams can better collaborate as industrial IoT takes hold.
At Infosecurity Europe, Threatpost gets a behind-the-scenes look at the discovery of BEC cybergang Scattered Canary.
At Infosecurity Europe, researchers detailed a cybergang that grew from a one-man shop launching Craigslist scams to a full-on enterprise BEC group.
The login scheme promises it won’t share data — and will be required for all developers using third-party sign-ins.
0patch has released an interim micropatch for the dangerous LPE bug from SandboxEscaper, while we wait for Microsoft’s official patch.
The Russian-speaking APT acts as a support group for high-profile APTs like Sofacy and BlackEnergy.
During Infosecurity Europe in London this week, cybersecurity experts sounded off on worries about artificial intelligence being used for nation state cyber weapons.
Threat detection tools don’t take into account the emotional aspect of insider threats, a panel of experts said at Infosecurity Europe this week.
At Infosecurity Europe, a security expert from Guardicore discusses a new cryptomining malware campaign called Nanshou and why the cryptojacking threat is set to get worse.
Researchers use malicious NFC tags and booby-trapped physical surfaces to connect Android devices to malicious wireless networks.
The iPhone-maker announced the ‘Sign in with Apple’ API, and restrictions on location-tracking.
An attacker could gain remote access by chaining together an exploit for home routers with the TV flaw.
After a year of success, its operators say they earned millions — and are ready to retire.
Apple 0-day allows hackers to mimic mouse clicks to trigger malicious behavior on macOS Mojave, despite mitigations.
How will 5G vendors deal with the issues of security? Nokia’s head of end-to-end security solutions discusses during the GSMA Mobile 360 conference.
A lack of security training for interns, and their obsession with sharing content on social media, could lead to a perfect storm for hackers looking to collect social engineering data.
Google Project Zero researcher unearths a bug in Microsoft’s Notepad Windows application.
As 5G deployments continue to increase, what are the top security risks for enterprises? We discuss with an expert during GSMA’s Mobile360 conference.
Nvidia is urging gamers to update its GeForce Experience software after patching two high-severity vulnerabilities.
HiddenWasp is unique for Linux-based malware in that it targets systems to remotely control them.
The complexity and scale of the 5G ecosystem, combined with a lack of skills and training in software-centric security, will be important drivers for AI deployment in the carrier space.
One of the most popular U.S. drive-through restaurants has been hit with a data breach due to POS malware.
Amazon S3 cloud bucket misconfigurations, however, have dropped dramatically.
What does 5G mean from a security vendor perspective? A Palo Alto Networks expert sounds off at GSMA’s Mobile360 this week.
High-risk applications that require zero latency, like remote surgery, could cause loss of life in the event of a cyberattack.
Researchers are warning of flaws in two WordPress plugins – Slick Popup and WP Database Backup – including one that remains unpatched.
A top UK government cyber-official has called out the telecom supplier, long suspected to use its infrastructure sales as a base for industrial espionage.
A rapidly-expanding campaign has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin.
Amazingco, an events planning firm, exposed 212,220 records with personal data relating to children’s parties, wine tours and more.
Researcher discloses vulnerability in macOS Gatekeeper security feature that allows the execution of malicious code on current version of the OS.
Researchers have discovered one million devices that are vulnerable to a “wormable” Microsoft flaw, which could open the door to a WannaCry-like cyberattack.
New campaigns also show modified versions of known payloads.
Bad actors are looking to hit financial and banking firms in Canada with geo-specific campaigns touting malware like Emotet, GandCrab and Ursnif.
After a report found that Snap employees were abusing their access to Snapchat data, experts are warning that insider threats will continue to be a top challenge for privacy.
New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites.
The Windows 10 update that’s rolling out addresses insecure Wi-Fi hotspots with new user notifications.
The Threatpost team breaks down the top privacy-related data incidents of the week – including data leaks from HCL and a golfing app – and highlights some surprisingly good privacy news.
As passwords are increasingly viewed as security liabilities, Identity Management solutions are picking up the slack.
Coming to America: The Shade ransomware, which has historically targeted Russian victims, was recently spotted expanding its sights.
A new way of tracking mobile users creates a globally unique device fingerprint that browsers and other protections can’t stop.
As promised, developer SandboxEscaper has dropped exploit code for four more bugs, on the heels of releasing a Windows zero-day yesterday.
As Bitcoin prices surge, so too are malicious apps, malware-ridden scams and cryptojacking attacks looking to profit from the cryptocurrency industry.
The “bestiary” houses six historical threats that combined resulted in at least $95B in damages worldwide.
The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved.
SandboxEscaper has released her latest local privilege-escalation exploit for Windows.
Google said it had stored G Suite enterprise users’ passwords in plain text since 2005 marking a giant security faux pas.
Mozilla has released a host of fixes for its browser as it rolls out Firefox 67, which touts better speed and privacy.
Intel has issued fixes for a slew of vulnerabilities, separate from the side-channel bugs disclosed last week.
Enjoy the video replay of the recent Threatpost cloud security webinar, featuring a panel of experts offering best practices and ideas for managing data in a cloudified world.
A flaw in the Secure Boot trusted hardware root-of-trust affects enterprise, military and government network gear, including routers, switches and firewalls.
HCL domain pages exposed sensitive data – including passwords and project analysis reports – for thousands of employees and customers.
A database with millions of data points on games played plus sensitive information was left right in the middle of the internet fairway for all to see.
All too often, information-sharing is limited to vertical market silos; to build better defenses, it’s time to take a broader view beyond the ISAC.
A glitch in Microsoft’s Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.
An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.
A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.
An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.
Daniel Gruss, the researcher behind Spectre, Meltdown – and most recently, ZombieLoad – Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.
A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.
The decision to pay a ransom in the case of a ransomware attack can be a complex one for businesses.
The importance of reading the network tealeaves of a company’s network traffic to head off an attack.
From a zero day flaw in WhatsApp, to Patch Tuesday fixes, Threatpost breaks down the top vulnerabilities of this week.
The bloom is on mobile, whether it be the enterprise, employees or the cybercriminals plotting new ways to slip past corporate defenses in a post-perimeter world.
The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others.
The vendor also issued a patch schedule for the still-unpatched bug in its Secure Boot trusted hardware environment, which affects most of its enterprise and SMB portfolio, amounting to millions of vulnerable devices.
Europol said it has dismantled the cybercrime network behind the GozNym malware, which siphoned more than $100 million from businesses.
Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.
Here are 10 top takeaways from Intel’s most recent class of Spectre-like speculative execution vulnerabilities, disclosed this week.
Attackers have been tampering with TLS client fingerprints at a scale never before seen, using a technique called cipher stunting.
Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities.
A massive update addresses the breadth of the computing giant’s product portfolio.
Intel has disclosed a new class of speculative execution side channel attacks.
Adobe has issued patches for 87 vulnerabilities on Patch Tuesday – the bulk of which exist in Adobe’s Acrobat and Reader product.
The bug is remotely exploitable without authentication or user interaction.
WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims’ phones.
Cynet protects the entire internal environment – including hosts, files, users and the network.
The two high-severity bugs impact a wide array of enterprise, military and government networks.
A Twitter glitch “inadvertently” leaked iOS users’ location data to an unnamed partner.
In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT.
From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments.
Using a bug patched in March, the attacks are starting to ramp up worldwide.
From a creepy Airbnb incident to Verizon’s Data Breach Investigations Report, Threatpost editors break down the top privacy and security stories for the week ended May 10.
The WannaCry attack proved pivotal, changing the way organizations go about securing their environments.
Nvidia has patched three vulnerabilities in its Windows GPU display driver that could enable information disclosure, denial of service and privilege escalation.
Nigerian scam groups launched even more attacks in 2018 – and used more complex types of malware to reach more victims.
A simple Wireshark analysis was enough to subvert the gadget, which uses iris identification to protect the drive.
Two have been indicted in the 2015 massive data breach of health insurer Anthem, which compromised the data of at least 78 million customers.
A video interview and Q&A with IoT specialist Dan Demeter of Kaspersky Lab.
Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.
Drupal, Typo3 and Joomla are all impacted by the bug.
LightNeuron is the first to target Microsoft Exchange transport agents — and is used as a hub for major Turla APT espionage efforts.
The incident is only the latest in a string of disturbing horror stories of guests finding live, recording cameras hidden in their Airbnb flats.
The Android security update patches 15 bugs, four rated critical, 10 rated high and one ranked moderate in severity.
A Q&A with Kaspersky Lab researcher David Jacoby examines a gaping hole in the telco customer-service process that allows adversaries to commandeer phone calls.
At Google I/O, the tech giant announced it is beefing up security in phones with its latest Android Q operating system by offering direct updates and privacy controls.
Cloud misconfigurations, business email compromise (BEC) and intellectual property theft are all up in the Verizon DBIR 2019 from last year.
Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practices.
Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources.
Cisco has patched a critical flaw in its virtualized function automation tool, Cisco Elastic Services Controller.
Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017.
Oleksii Petrovich Ivanov has been extradited in the U.S. after allegedly launching malvertising campaigns that caused victims to view malicious ads on more than 100 million occasions.
After researchers were able to bypass a file upload validation flaw patch in WP Live Chat, a new patch has been issued.
Snowballing attacks using a recently patched critical bug show no sign of abating.
Cisco patches two high-severity bugs that could be exploited by remote attackers.
Web scammers are going after Marvel fans as the movie passes the $2.2 billion box-office mark, making it the second-highest grossing film of all time, behind only Avatar.
The three flaws enable an unauthenticated attacker to launch remote code execution attacks on printers.
A digital signing flaw killed add-ons for Firefox as well as Tor — and no patch is yet available for Tor users.
Will connected devices be insecure forever? Or will legislation – such as the recent UK mandate announced this week – help boost IoT security?
Amidst the PR glitz and popularity of bug bounty programs, experts worry that actual smart security strategy is being left behind.
Short on concrete details but long on affirming cybersecurity skills as a critical piece of federal defense, the White House executive order aims to bolster the national cyber workforce.
The Threatpost team breaks down the strangest security stories this week – from Cartoon Network hacked to show stripper videos, to a church being scammed out of $1.75 million.
The malware has new tricks, like using the stunnel encrypted tunneling mechanism and abusing a legitimate shareware app.
Critical flaws in the software of Sierra Wireless’ AirLink routers enable an array of malicious attacks.
Crestron, Barco wePresent, Extron ShareLink and more wireless presentation systems have an array of critical flaws.
Researchers warn customers to reconsider the use of the camera’s remote access feature if the device is monitoring highly sensitive areas of their household or company.
One of the misconfigured Elasticsearch databases showed evidence of a ransomware attack.
Dell has patched two high-severity vulnerabilities in its SupportAssist software meant to aid security issues for customers.
Part of a slew of patches from the networking vendor, the CVSS 9.8 bug allows remote takeover of a vulnerable device.
Revive Adserver patches two vulnerabilities, one of which may have been used to allow hackers to deliver malware to third-party websites.
The adversaries have the hallmarks of an advanced, organized group, with well-established infrastructure.
A new binding directive gives U.S. agencies just 15 days – as opposed to 30 days – to remediate critical flaws on their systems.
Ricardo Milos joined Ben 10, Adventure Time and We Bare Bear videos on its websites over the weekend.
Researchers are urging Oracle WebLogic users to update quickly – after new Muhstik botnet samples started targeting a critical flaw in the servers.
A scam version of the actor convinced a woman he was in love with her.
A recently-patched critical flaw in Oracle WebLogic is being actively exploited to peddle a new ransomware variant, which researchers call “Sodinokibi.”
A bug in the popular anti-piracy framework allows a side-channel attack on premium content.
An Ohio parish lost a whopping $1.75 million after attackers breached two employees’ email accounts – and then tricked other employees into sending wire transfers to a fraudulent bank account.
Hardware that supports pirated video streaming content comes packed with malware.
The attack group shows a moderate level of sophistication, but the stage is set for MuddyWater to take things to the next level.
After facing criticism for removing or restricting several parental control apps over the past year, Apple cited security and privacy reasons.
Github and Bitbucket tokens for Docker autobuilds are also impacted.
Millions of security cameras, baby monitors and “smart” doorbells are open to hijack – and no solution is currently available.
Yet another WordPress plugin vulnerability has put thousands of websites at risk.
On this week’s Threatpost news wrap, the team discusses Facebook’s FTC fine for its data security practices, a report that Amazon is collecting Echo users’ geolocation data, and more.
GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns.
The wireless gateways are used in PoS, industrial IoT and distributed enterprise settings.
Half of Threatpost readers surveyed in a recent poll don’t believe that consent realistically exists when it comes to facial recognition.
A pair of bugs would allow attackers to compromise the WiFi password of a TV and the multimedia stored inside it.
An auditing program for the voice assistant technology exposes geolocation data that can be personally identified, sources said.
A side-channel attack in Qualcomm technology, which is used by most modern Android devices, could allow an attacker to snatch private keys.
Facebook may be fined as much as $5 billion by the FTC for data issues related to the Cambridge Analytica incident.
Google Play has removed up to 50 apps that once downloaded plagued systems with full-screen ads.
The malware hides in the legitimate game downloads, signed with a real certificate; connections to ShadowHammer have been found.
How concerned are you about the privacy implications of facial recognition? Weigh in with our poll.
Ever-changing Qbot trojan has been spotted in a fresh campaign with a new “context aware” delivery technique.
As U.S. citizens realize that facial recognition is present in real-life applications, more questions are arising about consent, how data is shared – and what regulation exists.
The malware is behind billions in banking and credit-card losses.
More and more attacks taking advantage of a XSS and RCE bug in the popular plugin have cropped up in the wild.
Overall, in 2018 the FBI received more than 351k reported scams with losses exceeding $2.7 billion.
China-based app maker ignored repeated warnings by researchers that its password database – stored in plain text – was accessible to anyone online.
A unique identifier is enabled by default on every iPhone that’s shipped, allowing advertisers to follow the phone’s activity across the web.
The attack is targeting financial regulators and embassy staff – but probably isn’t the work of an APT.
The messaging app that will replace the government’s use of WhatsApp and Telegram was released last week, with security vulnerability included.
The malware researcher has pleaded guilty to two out of 10 charges; one with creating the Kronos malware and the other with conspiracy.
The information includes data on all rehab treatments and procedures, linked with patients’ names and other info.
McAfee, Sophos and Avast are among the antivirus software suites impacted.
On the heels of several Facebook data privacy snafus this week – and over the past year – users no longer trust the platform.
A researcher said that millions of records were leaking 300,000 Tap30 drivers’ names, ID numbers and phone numbers.
The incident was the work of malicious cyberattackers.
The flaw, which existed in a Shopify API endpoint, has been patched.
Take our short poll on how far Facebook can push its luck.
The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.
The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.
The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks.
After a report revealed that Facebook used user data to leverage its relationships with other companies, researchers are stressing that both firms and users need to re-assess data privacy.
An ongoing campaign, active since 2017, has been stealing credentials via global DNS hijacking attacks.
The financial services industry sees nearly half of all website traffic coming from malicious bots.
Overall, Oracle patched 297 flaws across multiple products as part of its April security update.
Researchers are pinning a recent phishing campaign against Ukraine government agencies on the Luhansk People’s Republic, a proto-state in eastern Ukraine which declared independence in 2015.
The IT giant’s networks were infiltrated and used to mount supply-chain attacks on its enterprise customers.
Patched just last week, the Windows kernel bug is being used for full system takeover.
After the HawkEye malware kit underwent an ownership change and new development, researchers are spotting the keylogger used in several malicious email campaigns.
A popular Australian smartwatch’s tracking capabilities expose its user’s locations, personal data and more.
The apps, which claim to help users rack up followers, are well-rated and have been downloaded tens of thousands of times.
Business users of Cisco, F5 Networks, Palo Alto Networks and Pulse Secure platforms are impacted, according to the U.S. government.
A Microsoft Outlook breach that was disclosed on Friday is thought to be much larger than previously said, a new report found.
Why many attack techniques can be reused – but organizations can’t defend against them.
The duo are convicted of infecting 400,000 computers in the U.S. with malware and scamming victims out of millions of dollars.
The custom malware is a spy tool and can also disrupt processes at U.S. assets.
Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.
Convincing phishing pages and millions of suspicious apps are plaguing tax season.
A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.
At SAS 2019, Recorded Future CTO discusses a new kind of high-profile influence campaign spotted using a new technique: Old news.
Amazon is under fire for its privacy policies after a Bloomberg report revealed that the company hires auditors to listen to Echo recordings.
At the Security Analyst Summit, Threatpost editor Tara Seals catches up with Joe FitzPatrick, researcher with Securing Hardware, to discuss supply chain threats.
Yahoo is taking a second stab at settling a massive lawsuit regarding the data breaches that the Internet company faced between 2013 and 2016.
By combining threat hunting and threat intelligence, companies can discover and deal with vulnerabilities in their networks to improve overall data security.
In only the second known attack of the Russia-linked malware, which shut down an oil refinery in 2017, another Mideast target has been hit.
The SneakyPastes campaign was highly effective but hardly advanced.
A highly sophisticated APT framework has been found targeting a single Central Asian diplomatic entity for years.
Overall Intel patched four vulnerabilities, including high-severity flaws in its Media SDK and Intel NUC mini PC.
During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products.
The Samsung Galaxy S10 fingerprint sensor can be fooled in a hack that takes a mere 13 minutes and involves a 3D printed fingerprint.
The challenge for most enterprises is that the demand for software is so high that traditional development teams often can’t keep up.
A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection.
Flowershop, Equation, Flame and Duqu appear to have a hand in the different phases of Stuxnet development, all working as part of an operation active as early as 2006.
An underground marketplace is selling tens of thousands of compromised digital identities, paving the way for cybercriminals to commit online fraud.
Consumer router models allowed authenticated users to take unrestricted remote control over TL-WR940N and TL-WR941ND routers.
Researchers said that they discovered new Mirai samples in February 2019, capable of infecting devices powered by a broadened range of processors.
Three recent spam campaigns are pretending to be from ADP and Paychex; in reality, the malicious emails are spreading the TrickBot trojan.
The surveillance tool was signed with legitimate Apple developer certificates.
Chris Vickery with UpGuard, who discovered two datasets exposing millions of Facebook records, discusses his findings and the implications of data collection with Threatpost.
Cisco repatched its RV320 and RV325 routers against two high-severity vulnerabilities, but at the same time reported two new medium-severity bugs with no fixes.
The 74 cybercrime groups were offering illicit services – from email spamming tools to stolen credentials – right on Facebook’s platform.
Three waves of DNS hijacking attacks against consumer routers have been linked back to Google Cloud Platform abuse.
Spam campaign features obfuscated .zipx archive that unpacks LokiBot attack.
No. 4 global phone maker, Xiaomi, preinstalled a security app called ‘Guard Provider’ that had a major flaw.
After two databases were discovered leaking Facebook data, researchers say the onus lies on all parties involved as data collection continues to grow.
Have your business try Cynet’s Free Threat Assessment that checks for malware, C&C connections, data exfiltration, phishing link access, user credential thefts attempts, etc.
Business email compromise group London Blue is back with evolved email domain spoofing tactics and a newfound interest in targets in Asia.
The Security Analyst Summit 2019 heads to Singapore where elite researchers, top cybersecurity firms and global law enforcement agencies fight cybercrime.
Nvidia has patched eight high-severity flaws in its Tegra processors, which could enable denial of service and code execution.
Researchers say that two publicly exposed datasets are leaking Facebook data – from user names to plaintext passwords.
Maximizing your security investment starts with hiring the right talent, harvesting data, spotting trends in logs and more.
The OceanLotus APT is using two new loaders which use steganography to read their encrypted payloads.
Attackers these days want to ‘own’ your entire system, including partners and suppliers.
The kit’s authors demonstrate a knowledge of Verizon’s infrastructure.
Google’s April Android Security update fixed 12 Android-specific vulnerabilities including three critical remote code execution flaws.
White hat hacker reverse engineers financial apps and finds a treasure trove of security issues.
Researchers have seen March Madness-related phishing scams, fake domains and adware spike as cybercriminals take a pass at tournament viewers.
Google said in 2018 it tracked a rise in the number of potentially harmful apps found on Android devices that were either pre-installed or delivered via over-the-air updates.
As Game of Thrones’ eighth season gets ready to kick off, a new report says the popular TV show accounted for 17 percent of all infected pirated content in the last year.
Google Play has removed 25 malicious apps that were downloading spyware, dubbed Exodus, onto victims’ phones.
As to how the breach happened, the company is so far keeping details tightly rolled up.
Researchers at Black Hat Asia said that Intel VISA, a testing tool, can be abused using previously-disclosed vulnerabilities.
Users of the conferencing platform should update immediately.
Magento patched 37 flaws Thursday, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
An exploit would allow an attacker to establish a persistent backdoor for ongoing remote access.
A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process or even stop it.
macOS and Windows users are in the cross-hairs, especially those based in South Korea.
Video game digital distribution platform GOG Galaxy Games has patched two critical privilege escalation flaws that could allow arbitrary code execution.
The networking giant issued 27 patches impacting a wide range of its products running the IOS XE software.
The FTC is ordering seven companies – including AT&T, T-Mobile, Comcast and more – to outline what data they collect, what they use the data for, and how transparent they’re being with consumers.
According to a report, Grindr’s Chinese owners are selling the platform after concerns were raised about user data handling.
Versions of GeForce Experience for Windows before 3.18 are open to a bug that can allow denial of service and remote code execution.
With new attacks on the Israeli military and social-work educators, exploitation of the 19-year-old flaw shows no signs of slowing down.
Researchers are still looking for answers when it comes to LockerGoga’s initial infection method – and what the attackers behind the ransomware really want.
If users have an impacted device, they need to immediately run a backup of their files and restore their operating system to factory settings, said ASUS.
Apple patched more than 50 flaws in iOS 12.2, including an array of bugs in WebKit and a vulnerability that allows apps to secretly listen to users.
More than one-third of surveyed organizations (36 percent) said they have experienced a security incident because of a remote worker’s actions.
Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look.
Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.
The attack appears to be associated with a China-backed APT actor.
The contractor with whom it shared the data has a vulnerable, unpatched network.
Four have been arrested in the case.
Browsers Firefox and Edge take a beating on day two of the Pwn2Own competition.
Google has snagged three security and privacy certifications for Google Play as it tries to appeal to enterprises despite numerous malicious apps and security issues.
Users of the open-source project should upgrade immediately.
Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn.
The unpatched vulnerabilities exist in 20 products made by the popular medical device manufacturer Medtronic, including defibrillators and home patient monitoring systems.
The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.
On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.
The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.
The most serious vulnerabilities in Cisco’s 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.
Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel.
Until a report this week, Uber’s Surfcam’s use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it’s a “spyware.”
A long-quiet malware family has been spotted targeting financial technology firms, armed with new obfuscation techniques to avoid detection.
Some of the flaws would allow remote code-execution.
Threatpost talks to Phil Neray with CyberX about Tuesday’s ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more.
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.
When asked if the company plans to pay the ransom, its CFO said its main strategy is to use the backup data stored in the system.
The FBI’s crackdown on 15 DDoS-for-hire sites appears to have had an impact on DDoS attacks, the average size for which dropped 85 percent in the fourth quarter of 2018, a new report found.
Gnosticplayers has released about 26 million records from what he said are breaches of six new companies.
The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises.
Developers will have a new option for Android apps to track location only when in use.
With wide deployment expected in the next decade, the driverless automobile landscape looks fraught – from road safety to data protection.
Lenovo has issued patches for several serious vulnerabilities in its products stemming from Intel technology fixes.
An unpatched high-severity vulnerability allows keystroke injections in Fujitsu wireless keyboards.
Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns.
A full 39 percent of Counter-Strike 1.6 game servers on Steam were found to be malicious.
Vulnerability allows adversaries to access monitoring system used for gathering info on operating systems and hardware.
A new malware targeting point of sale systems, GlitchPOS, has been spotted on a crimeware forum.
Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.
A Sydney man is accused of selling nearly 1 million compromised accounts, for a significant profit.
Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution.
The mobile app, dubbed a “Yelp for Conservatives,” was found with an open API leaking reams of user data.
Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.
Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.
Money earmarked for the Defense Department and DHS, and bipartisan bills to address the security of federal IoT devices, showcase growing federal cyber-efforts.
Microsoft’s March Patch Tuesday updates include 64 fixes, 17 of which are rated critical.
Scammers used both older, tested-and-true phishing tactics in 2018 – but also newer tricks, such as fresh distribution methods, according to a new report.
Microsoft won’t be patching the bug, but a proof of concept shows the potential for successful malware implantation.
Adobe fixed two arbitrary code execution flaws in its Photoshop and Digital Edition products.
IRIDIUM is an APT that uses proprietary techniques to bypass two-factor authentication for critical applications, according to security firm Resecurity.
In all, Google reported 45 bugs in its March update with 11 ranked critical and 33 rated high.
In this video, Josh Zelonis, senior analyst at Forrester Research, discusses the next great security threats to enterprises.
Facebook is suing two Ukrainian men who were able to scrape data from 63,000 users’ profiles by enticing users to download a malicious browser extension.
Hacking into smart homes is becoming increasingly easy and a great way to steal victims’ personal information, Trend Micro said at RSA 2019.
Between operational technology and open source, the supply chain is rapidly expanding – and companies that can’t keep up will be the next security targets, said experts at RSA Conference 2019.
International cybercriminals likely exploited weak passwords on an internal network, the FBI said.
RAT activity in Latin America and Asia ramped up at the end of 2018, indicating widespread coordinated targeting by threat actors.
As smart devices permeate our lives, Google sends up a red flag and shows how the underlying systems can be attacked.
From privacy to patches, Threatpost editors discuss the biggest infosec news and trends that they saw this week at RSA Conference 2019.
IoT is growing more popular in the home – and so too are the attacks that target these devices featuring valuable data, researchers said at RSA 2019.
In a proof-of-concept hack, researchers penetrated an ultrasound and were able to download and manipulate patient files, then execute ransomware.
When it comes to domestic abuse, smart products around the house are turning into new threats, a panel of experts said at RSA.
The Privacy Framework is being developed to be risk-based/outcome-based and non-prescriptive, unlike the GDPR.
BleedingBit’s impact continues to spread across various devices, researchers at RSA Conference 2019 said.
Satellites are spotted with vulnerabilities and design flaws – and hackers are taking note, researchers report at the RSA Conference.
Offensive cyber attack chains are accelerating rapidly thanks to a combination of artificial intelligence, machine learning and broadening threat landscape.
Panelists react to missing noted cryptographer Adi Shamir who was denied a visa to enter the US to attend RSA Conference 2019.
A new report outlines the cyberattacks and threats that financial firms are facing.
Public policy honchos for the tech giants discussed what they would like to see in sweeping GDPR-like federal data privacy legislation.
The certificates are often paired with ancillary products, like Google-indexed “aged” domains, after-sale support, web design services and even integration with a range of payment processors.
A scammer ring dubbed Scarlet Widow has targeted nonprofits, schools and universities with an array of business email compromise (BEC) attacks over the past few months.
Tuesday’s keynotes kicking off RSA tackled both light and dark visions of the future, the imperative to become obsessed with trust, IoT and AI, and they even featured Helen Mirren and a flash mob.
The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.
Consumer confidence in companies keeping their data safe is at an all-time low, but password hygiene and not reading EULAs and app permissions remain big problems.
Raoul Strackx, one of the researchers who discovered the Foreshadow speculative execution vulnerability, talks at RSA about the Catch-22 issue when it comes to fixing speculative execution flaws.
At least 463,546 malicious URLs contained in the 28.4 million analyzed emails made it through to corporate in-boxes in Q4 of 2018.
Researchers say that Microsoft won’t issue a patch for the issue.
Users of Logitech’s Harmony Hub get long-awaited answers about the critical bugs that left their home networks wide open to attack.
He is also the all-time top-ranked hacker on HackerOne’s leaderboard, out of more than 330,000 hackers competing for the top spot.
A rash of security flaws in the Outdoor Tech CHIPS smart headphones, which fit in ski helmets, allow bad actors to collect data like emails, passwords, GPS location – and even listen to conversations in real time.
Google Project Zero researchers detailed a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.
The workforce and skills gap in cybersecurity continues to plague organizations.
A proof-of-concept hack allows adversaries to tweak old exploits, have code jump containers and attack underlying infrastructure.
As many ponder the big ethical questions around cyber, some are proposing public interest technologist as a solution.
Student researchers working with IBM X-Force Red team find security holes in five leading visitor management systems.
New look at server data behind a previously-identified espionage campaign shows that it has exceeded researchers’ expectations in complexity, scope and breadth.
What does the age of near-ubiquitous data breaches, deep fakes, and fallible biometric authentication mean for enterprise security?
Adobe has hurried out a patch for a critical arbitrary code execution vulnerability in its ColdFusion product.
The Threatpost team talks about the biggest cybersecurity stories, trends and research we’ll see at RSA this year.
Follow Threatpost as it covers this year’s RSA Conference 2020 where we will bring you the latest breaking news, VIP interviews and insights from the industry’s movers and shakers.
Using an on-again, off-again strategy of C2 communication helps it hide from researchers.
The controversial cryptomining service is shutting down.
Cisco said that CVE-2019-1663, which has a CVSS score of 9.8, allows unauthenticated, remote attackers to execute arbitrary code.
The campaign is marked by a significant level of customization, with an “individualized yet very consistent approach to every compromise.”
Researchers are urging Ring users to update to the latest version of the smart doorbell after a serious flaw triggered privacy concerns.
Third time’s hopefully a charm for Cisco, which has patched a high-severity flaw once again in its Webex video conferencing platform.
Many machines, including almost all Apple laptops and desktops produced since 2011, are vulnerable to data exfiltration via weaponized peripherals.
The China-linked threat group has returned in 2018 using updated RATs to launch its attacks, including ZxShell, Gh0st RAT, and SysUpdate malware.
A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks.
SHAREit has fixed two flaws in its app that allow bad actors to authenticate their devices and steal files from a victim’s device.
The spam campaign is being used to spread a malicious .exe file, taking advantage of a vulnerability in WinRAR which was patched in January.
How features such as infotainment and driver-assist can give others a leg up on car owners.
A Threatpost reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.
The attack threatens users with location-tracking, DoS, fake notifications and more.
Google has announced FIDO2 certification for devices running on Android 7 and above – meaning that users can use biometrics, fingerprint login or PINs instead of passwords.
Phishing emails target a bank’s users with malware – and make their landing page look more legitimate with fake Google reCAPTCHAs.
There was a shocking turn of events in crypto-world.
Threatpost talks to HackerOne CEO Marten Mickos on the EU’s funding of open source bug bounty programs, how a company can start a program, and the next generation of bounty hunters.
U.S. and subcontinent consumers were the most affected by this week’s exposure revelations.
From password manager vulnerabilities to 19-year-old flaws, the Threatpost team broke down this week’s biggest news stories.
Weigh in on password managers with our Threatpost poll.
Premium-access credentials to porn sites are hot in the cyber-underground, as credential-harvesting malware proliferates.
Adobe has issued yet another patch for a critical vulnerability in its Acrobat Reader – a week after the original fix.
Admins should update immediately to fix a remote code-execution vulnerability.
Users of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR.
Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.
An ongoing phishing campaign is targeting hundreds of businesses to steal their email and browser credentials using a simple – but effective – malware.
The music-recognition app that Apple bought for $400 million is removing Facebook Ads, DoubleClick, Facebook Analytics and more.
1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.
GitHub is offering unlimited rewards for critical vulnerabilities – and has added “safe harbor” terms to its bug bounty program.
As hundreds of millions of Europeans prepare to go to the polls in May, Fancy Bear ramps up cyber-espionage and disinformation efforts.
Windows 7 and Windows Server 2008 users are being asked to upgrade their encryption support.
Russia-linked actors need just 18 minutes to go from compromise to lateral movement.
This is the third update to the prolific GandCrab malware within the past year.
The WinPot malware takes its cues from slot machines.
Physical security goes hand in hand with cyberdefense. What happens when – as we see all too often – the physical side is overlooked?
Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job.
Data-exposure “lowlights” for the week ending Feb. 15, 2019.
The eight apps were secretly stealing victims’ CPU power to mine for Monero.
Despite a welcome and needed DNS revamp, preventable abuse continues.
The banking trojan is consistently evolving in hopes of boosting its efficacy.
Researchers warn that the phishing campaign looks “deceptively realistic.”
It has added the technique of using malicious XML files as its delivery method.
A Threatpost poll found that 52 percent don’t feel prepared to prevent a mobile security incident from happening. The results reflect a challenging mobile security landscape.
The dating site said users’ names and email addresses that were added to the system prior to May 2018 may be impacted.
Google Play said that app suspensions increased by 66 percent in 2018 on its platform.
The flaw is only one of many romance-related security issues as bad actors take advantage of Valentine’s Day.
Researchers have identified multiple security issues with this Lenovo smartwatch.
Banking trojans, led by the ever-changing Emotet, dominated the email-borne threat landscape in Q4, according to Proofpoint.
The issue affects default installations of Ubuntu Server and Desktop and is likely included in many Ubuntu-like Linux distributions.
There are no permission dialogues for apps in certain folders for macOS Mojave, which allows a malicious app to spy on browsing histories.
The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.
Dunkin’ Donuts’ loyalty program was hit with a credential stuffing attack that targeted names, email addresses, 16-digit DD Perks account numbers and DD Perks QR codes.
In its February Patch Tuesday bulletin, Microsoft patches four public bugs and one that is under active attack.
Users of the popular plugin, Simple Social Buttons, are encouraged to update to version 2.0.22.
“Every file server is lost, every backup server is lost.”
A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks.
Hackers up to 100 meters away could take over Xiaomi M365 scooters to brake or accelerate them.
Overall, Adobe patched 75 important and critical vulnerabilities – including a flaw that could allow bad actors to steal victims’ hashed password values.
From spyware to leaky apps, mobile devices are facing a heightened level of threats. Are we prepared to secure them?
Wyden and Rubio are eyeing VPN services they say could be instruments of espionage for Russia and China.
The zero-day flaw in Adobe Reader DC could allow bad actors to steal victims’ NTLM hashes.
Three major websites are making data-privacy news this week.
A fake MetaMask app is the first instance of this new type of cryptocurrency stealer appearing outside of shady third-party app stores.
It’s futile to try to put the data genie back in the bottle. Next best thing is whole-enterprise data visibility.
Google’s Adiantum boosts encryption for low-end devices with processors that do not have hardware support for AES.
Researchers theorize how Bezos’ very personal pictures may have been allegedly hacked.
A vulnerability in FireOS, the Amazon Fire Tablet’s operating system, has been patched.
Apple’s iOS 12.1.4 fixes a FaceTime bug that made headlines last week.
Trends in DDoS attacks show an evolution beyond Mirai code and point to next-gen botnets that are better hidden and have a greater level of persistence on devices – making them “far more dangerous.”
Up to eight airlines do not encrypt e-ticketing booking systems – leaving personal customer data open for the taking.
A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.
A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google’s translate feature.
Hackers don’t always steal data. Sometimes the goal is to manipulate the data to intentionally trigger external events that can be capitalized on.
The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.
Today’s financial cyber-rings have corporate insider and management roles — cybercrime is not just for hackers and coders anymore.
Flaws in this connected smart scale might give the diet-challenged a legitimate reason to be nervous.
Eleven critical bugs will be patched as part of the February Android Security Bulletin.
The children’s smartwatch allows bad actors to track their location and communicate with them, according to the alert.
Several flaws in both open-source RDP clients and in Microsoft’s own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole.
How do advanced persistent threat groups such as Darkhotel and Anchor Panda get their ridiculous names?
Referencing the Dalai Lama, the spam campaign is targeting recipients of a mailing list run by the Central Tibetan Administration.
Despite several threat actors stating they are behind a massive 773M credential dump, researchers believe they have found the real distributor.
Researchers believe the new trojan, armed with an impressive bag of exploits and other propagation tricks, could be the catalyst for an upcoming, major cyber-offensive.
The decorating website said that account usernames, passwords and more have been compromised as part of a breach.
The Remexi spyware has been improved and retooled.
From Facebook’s research app being pulled from iOS devices to a new-found dump of compromised credentials, here are the top news of the week.
Scams, infrastructure attacks, data harvesting and attacks on streamers are all in the offing.
Facebook is continuing to crack down on misinformation, political meddling, and “coordinated inauthentic behavior” on its platform.
A new module allows it to be rented to other malicious actors — and it’s likely other new capabilities are coming down the pike.
Swarm technology may be a game changer for the bad guys if organizations don’t change their tactics.
So far, 2019 shows no signs of a decline in data incidents.
A cyberattack lifts employee data at the French aerospace giant as news hits of “Collections 2-5” being passed around the underground.
The Department of Justice is looking to dismantle the Joanap botnet, which has been built and controlled by North Korea-linked hackers since 2009.
A day after Facebook was dinged for shady iOS distribution techniques of its data-collecting research app, Google was discovered using the same methods for its own app.
A newly discovered malware steals cookies, credentials and more to break into victims’ cryptocurrency exchange accounts.
A severe flaw exposes sensitive information for 35,000 kids and 20,000 individual accounts.
A spam injector hides in plain sight within WordPress theme files.
Another one of Facebook’s apps has been banned from Apple’s ecosystem due to the level of data that it collects and how it was distributed.
Japan will carry out a “survey” of 200 million deployed IoT devices, with white-hats trying to log into internet-discoverable devices using default credentials.
Part two of RSA’s Conference Advisory Board look into the future tackles how approaches to cybersecurity must evolve to meet new emerging challenges.
Meanwhile, authorities are aggressively going after former users of the Webstresser DDoS-for-hire service.
Firefox 65 rolls out new redesigned privacy controls as part of Mozilla’s anti-tracking promise.
The bug allows iPhone users to FaceTime other iOS users and eavesdrop on their conversations – even when the other end of the line doesn’t pick up.
A report found that a dozen connected devices are open to several security and privacy issues.
Forward-thinking predictions for the year ahead from some of the cybersecurity industry’s wisest minds.
The YouTube competitor said that it was hopeful that it’s containing the damage.
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable.
The malware targets victims in multiple, sneaky ways as they move around the web.
A look at API attack trends, including the current (and failing) architectural designs for securing these API transactions.
Credential compromise emerged as the main target for phishing campaigns in 2018 – rather than infecting victims’ devices with malware.
Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes.
The banking trojan hides its misdeeds with a rotating set of tactics.
Researchers detected 191,970 bad ads and estimate that around 1 million users were impacted.
Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys.
Here are six tips to put threat hunters in the driver’s seat so they can outsmart their adversaries.
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.
An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks.
0patch released the fix for the remote code execution vulnerability in Windows, which has a CVSS score of 7.8.
The RogueRobin uses a mix of novel techniques.
Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.
The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses personal data for ad-targeting purposes.
The patches are part of Adobe’s second unscheduled update this month.
Two apps on Google Play were infecting devices with the Anubis mobile banking trojan.
The Fallout EK has added the latest Flash vulnerability to its bag of tricks, among other tune-ups.
Threatpost editors break down the top headlines from the week ended Jan. 18.
A default configuration allows full admin access to unauthenticated attackers.
Twitter has fixed the issue, which has been ongoing since 2014.
Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.
Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.
Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.
New samples of cryptomining malware perform a never-before-seen function: uninstalling cloud security products.
Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released — although lingering concerns remain.
The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.
The two were able to hack into the SEC’s computer systems due to phishing attacks that stole credentials and spread malware.
Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.
The threat group also has a new subsidiary, Magecart Group 12.
VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.
Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.
January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.
A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments.
Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.
He said that similar flaws were also found in the Dreamhost, HostGator, OVH and iPage web hosting platforms.
Take our short poll to weigh in on the state of two-factor authentication.
Researchers created a proof-of-concept escape from a Docker test environment.
The malware’s operator, Grim Spider, could be affiliated with Russian cybercrime rings, according to some — others say there’s no concrete evidence.
Firefox 69 will force users to manually install Adobe Flash as the plugin inches toward end of life.
Dual data exposures and a wide-scale data leak due to a vulnerable MongoDB database have kicked off 2019 so far.
Threatpost discusses the future of the Emotet banking trojan with Cylance.
The app was developed by legitimate Chinese manufacturing giant TCL.
The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions.
As the shutdown continues into its 21st day, dozens of .gov websites haven’t renewed their TLS certificates.
A penetration testing tool called Modlishka can defeat two-factor authentication in the latest 2FA security issue. We asked a roundtable of experts what it all means.
When it comes to IoT, the priority at CES is the “wow factor” – but not so much a focus on security.
The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran.
The technique can be used to spread disinformation while leveraging the trust people have in Google’s search results.
A remote attacker could exploit the vulnerability simply by sending an email.
Researchers think an organized crime gang is running the massive campaigns, prepping for large-scale follow-on attacks on Android users.
Once downloaded, the fake apps hide themselves on the victim’s device and continue to show a full-screen ad every 15 minutes.
Despite fewer plugins being added to WordPress last year, the CMS saw an increase in vulnerabilities in its platform in 2018.
Should we pump the brakes on the roll out of biometric security to first consider whether we are creating new vulnerabilities?
As the hype at CES demonstrates, 5G is the newest and shiniest tech bauble out there: but security concerns loom.
Overall, the chip giant patched five vulnerabilities across an array of its products.
Bad actors are imitating high-level executives in the shipping industry to launch BEC attacks that could lead to credential theft or worse – system compromise.
Microsoft January Patch Tuesday roundup includes four critical patches for its Edge browser.
The whole attack takes place in under a minute.
The update comes on the heels of critical fixes in an unscheduled patch last week.
Just as ex-tropical Cyclone Penny moved toward the coast of Queensland, Australia, users of Early Warning Network reported receiving strange messages from the emergency system.
Apple exploits will fetch the highest price.
Security incidents are set to grow as companies lag behind in securing their containers.
Robert Tibbo discusses being pushed to leave Hong Kong under pressure and efforts to get the Canadian government to grant refugee status to the “Snowden refugees.”
A proof-of-concept from the University of Maryland can defeat the audio challenges that are offered as an option for people with disabilities.
A glitch allowed hackers to access contacts, photos and more on Android devices – simply by answering a Skype call.
In this week’s podcast, we weigh in on the top threats to watch out for in 2019 – from fraud to IoT.
The lawsuit alleges that the Weather Channel app misled users about why it was collecting their (extremely precise) geolocation data.
The hotel giant said after de-duping, the breach appears to be smaller than it thought.
The phishing campaign is using a new technique to hide the source code of its landing page – and stealing credentials from customers of a major U.S.-based bank.
It’s not clear why the data release wasn’t noticed earlier.
An unscheduled patch fixed two critical flaws that could enable arbitrary code execution.
All of the vulnerabilities arise from improper input validations.
Password-manager Blur and role-playing game Town of Salem both disclosed data breaches this week that impacted a combined 10 million.
Across six apps, the spyware managed to spread to 196 different countries.
Robert Tibbo discusses the challenges he and his clients face in Hong Kong as the government there targets both in a harassment campaign for aiding Edward Snowden.
The same hacking duo behind the recent “PewDiePie” printer hacks are back – this time with publicly exposed Chromecast, Google Home and smart TV systems as their targets.
Bruce Schneier discusses the clash between critical infrastructure and cyber threats.
As the bug bounty programs begin to roll out in January, security experts worry that the programs miss the mark on truly securing open source projects.
Attackers could craft a campaign that makes use of the device profile in order to exploit any vulnerabilities in a targeted fashion.
Vulnerabilities, stolen credentials and an evolution of marketplaces mark the Dark Web in Q3.
Here are 10 top malware trends to watch for in the New Year.
Reports have linked the attack to the Ryuk ransomware.
Cryptocurrency wallets Trezor and Ledger are vulnerable to a number of different types of attacks, researchers say.
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.
When it comes to ensuring safe cloud app rollouts, there’s flat-out animosity between business shareholders. HackerOne’s Alex Rice and GitLab’s Johnathan Hunt share tips on quashing all the squabbling.
Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.
The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.
Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.
It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.
Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”
How a retail sector reeling from COVID-19 can lock down its online systems to prevent fraud during the upcoming holiday shopping spike.
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.
The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again.
TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.
From TrickBot to Ryuk, more malware-wielding cybercriminal groups are putting their heads together when attacking businesses.
The money being wire transferred by business email compromise victims is on the rise, as cybercriminals evolve their tactics.
Noted Apple security expert Patrick Wardle discusses how cybercriminals are stepping up their game in targeting Apple users with new techniques and cyberattacks.
From ransomware attacks that crippled hospitals, to espionage attacks targeting the COVID-19 vaccine supply chain, Beau Woods discusses the top healthcare security risks.
Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.
What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.
A look back at the blizzard of breaches that made up 2018.
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.
2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.
2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.
The top cybersecurity and privacy trends that had the biggest impact in 2018.